Function Author: loster (oicq:181306) [if reproduced, do not delete this information, thank you]
' Function name: S_request ()
' Auxiliary function: R_reader ()
' Function: Filter illegal characters to prevent SQL injection.
' Parameter: s_str: The name of the variable passed in, type: string
' Return value: the filtered value.
'***************************************************************************
Const c_sqlstr= "', count,user,user,count,1=1,and,2=2" ' a sequence of strings to be filtered, separated by "," between each string
Dim Reader
Function R_reader (R_STR,F_STR)
Dim I
If r_str= "" Or f_str= "" Then
Exit Function
End If
Reader=split (R_STR,F_STR)
For i=0 to Ubound (reader,1)
Reader (i) =cstr (Trim (Reader (i))
Next
R_reader=ubound (reader,1)
End Function
Function S_request (S_STR)
Dim Temp,i
If s_str= "" Then
Exit Function
End If
Temp=request (S_STR)
For i=0 to R_reader (C_sqlstr, ",")
Temp=replace (Temp,cstr (Reader (i)), ""
Next
Temp=replace (TEMP,CHR (34), "")
S_request=cstr (Trim (Temp))
Erase Reader
End Function
Usage:
The original example of such a statement:
A=request ("a")
Now write:
A=s_request ("a")
You can implement illegal string filtering.
Of course, you can also write this:
Function S_request (S_STR)
Dim TEMP,I,TEMP1
If s_str= "" Then
Exit Function
End If
Temp=cstr (Request (S_STR))
Temp1=temp
For i=0 to R_reader (C_sqlstr, ",")
Temp=replace (Temp,cstr (Reader (i)), ""
If temp1<>temp Then
Response.Write ("Please do not enter illegal characters!") ")
Response.End
End If
Next
Temp=replace (TEMP,CHR (34), "")
S_request=cstr (Trim (Temp))
Erase Reader
End Function
In this way, you can return an error report.
