"How do I use" this SQL filtering code

Source: Baidu Zhidao   Editor: UC Zhidao   Time: 2024/06/22 23:42:24
'**************************************************
' Purpose:   strictly filter illegal SQL characters
' Parameter: strChar -- the string to filter
' Returns:   the filtered string
' Time:      2005-3-8 9:21
' Modified:  none
'**************************************************
Public Function RepBadChar(strChar)
    If strChar = "" Then
        RepBadChar = ""
    Else
        ' Removes ' ? < > and space. The "(" -> "(", ")" -> ")" and "." -> "."
        ' calls replace a character with itself and, as written here, change nothing.
        RepBadChar = Replace(Replace(Replace(Replace(Replace(Replace(Replace(Replace(strChar, "'", ""), "?", ""), "(", "("), ")", ")"), "<", ""), ".", "."), ">", ""), " ", "")
    End If
End Function

How do I use this code in the page below?

This is how I use it in my file:
if RepBadChar(request.QueryString("id"))=False then
response.write"<script>alert(""There is an error in the submission"");location.href=""../index.asp"";</script>"

Public Function RepBadChar(strChar)
If strChar="" Then
RepBadChar=""
Else
RepBadChar=Replace(Replace(Replace(Replace(Replace(Replace(Replace(Replace(strChar,"'",""),"?",""),"(","("),")",")"),"<",""),".","."),">","")," ","")
End if
End function

dim id
id =request.QueryString("id")
if len(RepBadChar(id))<>len(request.QueryString("id")) then
response.write"<script>alert(""The id parameter contains illegal characters"");location.href=""../index.asp"";</script>"
response.end
end if

The RepBadChar function does not return a true/false value; it does not check whether there are illegal characters, it replaces them.
If your id=741', then
the result of RepBadChar(request.QueryString("id")) is 741
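An added example, not part of the question or of the answer above. The length check above rejects 741' but only catches the characters RepBadChar actually strips (' ? < > and space), so an id such as 741/**/or/**/1=1, a constructed input built only from unfiltered characters, passes it unchanged. For a numeric id the safer pattern is to whitelist the value with a strict pattern and hand it to SQL as a parameter rather than concatenating it. The table name news, the column title, the message text and an already-open ADODB connection named conn are assumptions made for this illustration.

```vbscript
<%
' Added example (not from the original post): whitelist a numeric id and
' pass it to SQL as a parameter instead of stripping characters from it.
Option Explicit

' The original blacklist removes ' ? ( ) < . > and space only, so this
' constructed input has the same length before and after RepBadChar and
' would pass the Len() comparison: "741/**/or/**/1=1".

' Whitelist check: 1 to 9 ASCII digits, nothing else.
' IsNumeric is too loose for this purpose: it also accepts "1e3", "&H1F",
' " 12 " and "1,000".
Function IsValidId(strId)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsValidId = re.Test(strId)
End Function

' Runs the query with the id bound as an integer parameter, so the value
' can never be interpreted as SQL. "news" and "title" are assumed names.
Function GetNewsRow(conn, strId)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                      ' adCmdText
    cmd.CommandText = "SELECT id, title FROM news WHERE id = ?"
    ' CreateParameter(name, type, direction, size, value)
    ' 3 = adInteger, 1 = adParamInput, size 4 bytes
    cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, 4, CLng(strId))
    Set GetNewsRow = cmd.Execute
End Function

Dim id, rs
id = Request.QueryString("id")
If Not IsValidId(id) Then
    Response.Write "<script>alert(""The id parameter is not a valid number"");location.href=""../index.asp"";</script>"
    Response.End
End If
' conn is assumed to be an ADODB.Connection opened earlier on the page.
Set rs = GetNewsRow(conn, id)
%>
```

With this approach the Len() comparison is no longer needed: anything that is not a plain integer is rejected before any SQL is built, and the integer itself travels to the database as a typed parameter.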