读书人

A small question about filtering single quotes in SQL

Published: 2012-02-24 16:30:38 Author: rapoo

Ran into a small problem filtering single quotes in SQL

VBScript code
<!--#include file="conn.asp"-->
<%
Function SafeRequest(ParaName)
    Dim ParaValue
    ParaValue=replace(ParaValue, "'", "&#39")
    'ParaValue=replace(ParaValue," " ","&#39")
    SafeRequest=ParaValue
End function

title=trim(request.form("title"))
content=trim(request.form("content"))
tilte=saferequest(title)
content=saferequest(content)
response.write title
response.write "<br/>"
response.write content
response.write "<br/>"
sql="insert into pro(title,content)values('"&title&"','"&content&"')"
response.write sql
response.end
conn.execute sql,adExecuteNoRecords
response.write"<script language=javascript>alert('ok!');window.location.href='index.asp';</script>"
%>


[Solution]
VBScript code
Function SafeRequest(ParaName)    ' "ParaName" is highlighted in red in the original reply
    Dim ParaValue
    ParaValue=replace(ParaValue, "'", "&#39")    ' the first argument "ParaValue" is highlighted in red in the original reply
    'ParaValue=replace(ParaValue," " ","&#39")
    SafeRequest=ParaValue
End function
[Solution]
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=replace(ParaValue, "'", "&#39")
'ParaValue=replace(ParaValue," " ","&#39")
SafeRequest=ParaValue
End function
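
Added example, not part of the original thread: the insert from the question rewritten with bound ADO parameters, so a single quote in title or content is stored as data and no quote replacement is needed before the query. It assumes conn.asp opens an ADODB.Connection named conn (as the question's code implies) and that pro.title holds at most 255 characters (an assumption); the AD_* constant names are local to this example.

```vbscript
<!--#include file="conn.asp"-->
<%
' Added example. Assumes conn.asp opens an ADODB.Connection named conn and
' that pro.title holds at most 255 characters (assumption, adjust to schema).
' Local names are used so they cannot clash with adovbs.inc if it is included.
Const AD_VARWCHAR = 202         ' value of ADO adVarWChar
Const AD_LONGVARWCHAR = 203     ' value of ADO adLongVarWChar
Const AD_PARAM_INPUT = 1        ' value of ADO adParamInput
Const AD_CMD_TEXT = 1           ' value of ADO adCmdText
Const AD_EXEC_NO_RECORDS = 128  ' value of ADO adExecuteNoRecords

Dim title, content, cmd
title = Left(Trim(Request.Form("title")), 255)
content = Trim(Request.Form("content"))

' The SQL text contains only placeholders; the form values travel separately
' as parameters and are never concatenated into the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = AD_CMD_TEXT
cmd.CommandText = "insert into pro(title,content) values(?,?)"
cmd.Parameters.Append cmd.CreateParameter("title", AD_VARWCHAR, _
    AD_PARAM_INPUT, 255, title)
' Len + 1 keeps the declared size above zero when content is empty.
cmd.Parameters.Append cmd.CreateParameter("content", AD_LONGVARWCHAR, _
    AD_PARAM_INPUT, Len(content) + 1, content)
cmd.Execute , , AD_CMD_TEXT Or AD_EXEC_NO_RECORDS
Set cmd = Nothing

' Replacing ' with &#39 is HTML encoding; apply it when a stored value is
' written into a page, for example Response.Write Server.HTMLEncode(title).
Response.Write "<script language=javascript>alert('ok!');window.location.href='index.asp';</script>"
%>
```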
