Chr(9), Chr(10), Chr(13), Chr(32), Chr(34)
All ASCII code tables: http://www.asciitable.com/
Chr(13) is a carriage return
Chr(10) is a line break
Chr(32) is a space character
9 \ 34 is a tab, not sure?
The following are some display columns:
Special space characters
In ASP programming, we often use the Trim (RTrim, LTrim) function to remove spaces at the beginning and end of some data. I recently wrote an ASP chat room with the following section of code:
<%
Dim name, password, myDSN, cn, sql
' Trim only strips ordinary spaces (code 32) from both ends
name = Trim(Request.Form("name"))
password = Trim(Request.Form("password"))
If name = "" Or password = "" Then Response.Redirect "error.asp?error=name&name=null"
myDSN = "DSN=test;uid=test;pwd=test"
Set cn = Server.CreateObject("ADODB.Connection")
cn.Open myDSN
' Double any single quote so a submitted value cannot end the SQL string literal
sql = "insert into test (name, title) values ('" & Replace(name, "'", "''") & "', '" & Replace(password, "'", "''") & "')"
cn.Execute sql
cn.Close
%>
The Trim function is used to remove the spaces at the beginning and end, and the program ran normally. But then I found that someone could get in using spaces, which means that the user's name was completely blank. I tried to use spaces myself, but I could never get through (they were caught by the program): the spaces at the beginning and end are removed by the Trim function, and even if there is a space in the middle, I can use another function to remove it if necessary.

Because the user data is recorded in a SQL database, I suspected there was something the system could not display, so I went to check the SQL database that records the user data (I used this method to see users with line breaks). But the data for this user in the database was also blank. Does this mean that the user can bypass the checks on my user name and password? I could not find any vulnerability in the program, so I could only ask this user.

Fortunately, the user told me that it was "Alt + 255": hold down the Alt key and press "2", "5" and "5" on the numeric keypad in sequence to generate a special "space" character (this concept is not clear to me; it is a type of control character. You can see it in some editors, such as Word 2000, and there should be other control characters). This space character is different from the ordinary one generated by pressing the Space key: its ASC code is 255, while the ASC code of the space entered with the Space key is 32, and the Trim function can only recognize and remove the character whose ASC code is 32, so there was a blank user! In this case, I designed the following two functions to remove the "space" character:
Function xuankong(str)
    Dim result, i, j
    j = Len(str)
    result = ""
    For i = 1 To j
        Select Case Mid(str, i, 1)
            Case "<"
                result = result & "&lt;"
            Case ">"
                result = result & "&gt;"
            Case Chr(34)
                result = result & "&quot;"
            Case "&"
                result = result & "&amp;"   ' the cases above convert HTML special characters to entities
            Case Chr(255)   ' drop the special space
                result = result
            Case Chr(13)    ' drop carriage returns
                result = result & ""
            Case Chr(10)    ' drop line breaks
                result = result & ""
            Case Else
                result = result & Mid(str, i, 1)
        End Select
    Next
    xuankong = result
End Function
Then use this function in your ASP program, for example:
name = xuankong(Trim(Request.Form("name")))
Because the ASC codes of the characters 0 to z are 48 to 122, you can use the following method for monitoring:
Dim i, j
name = Trim(Request.Form("name"))
j = Len(name)
For i = 1 To j
    ' Reject any character whose code lies outside 48-122
    If Asc(Mid(name, i, 1)) > 122 Or Asc(Mid(name, i, 1)) < 48 Then Response.Redirect "error.asp?error=special"
Next
Although this "space" has not been found to damage the program for the moment, it can confuse people, so it is better to prevent it. But this space also has a benefit: if you use it in your Internet password, hey... I'm afraid few people can see it! It looks like a space, but it's not... I am not familiar with PHP and JSP, so I don't know if this problem exists in these two things.
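The 48-122 range check above also admits the punctuation that sits between the digits and the letters (such as < and >), and Asc returns a code in the server's ANSI code page rather than a code point. As an added example (not the author's code), the VBScript below allowlists only 0-9, A-Z and a-z by code point with AscW and reports what it rejected. The function names, the 20-character limit and the sample inputs are assumptions made for illustration.

```vbscript
' Added example, not the original author's code. Runs stand-alone with
' "cscript //nologo check.vbs" (file name is arbitrary); the two functions
' can be pasted unchanged into an ASP page.

Const MAX_NAME_LEN = 20   ' assumed limit, not from the article

' Returns "" if every character is 0-9, A-Z or a-z; otherwise a list such as
' "1:U+00A0,2:U+00A0" (position:code point) that is safe to write to a log.
Function FindDisallowed(s)
    Dim i, code, bad
    bad = ""
    For i = 1 To Len(s)
        code = AscW(Mid(s, i, 1))
        If code < 0 Then code = code + 65536   ' AscW is signed above U+7FFF
        If Not ((code >= 48 And code <= 57) Or _
                (code >= 65 And code <= 90) Or _
                (code >= 97 And code <= 122)) Then
            If bad <> "" Then bad = bad & ","
            bad = bad & i & ":U+" & Right("0000" & Hex(code), 4)
        End If
    Next
    FindDisallowed = bad
End Function

' A name is valid only if it is non-empty, within the length limit,
' and contains no character outside the allowlist.
Function IsValidName(s)
    IsValidName = (Len(s) >= 1 And Len(s) <= MAX_NAME_LEN And FindDisallowed(s) = "")
End Function

' Constructed sample inputs: plain name, two no-break spaces (U+00A0),
' name plus ideographic space (U+3000), name plus zero-width space (U+200B),
' punctuation inside the 48-122 range, and the empty string.
Dim samples, n
samples = Array("alice", ChrW(160) & ChrW(160), "bob" & ChrW(12288), _
                "eve" & ChrW(8203), "a<b", "")
For Each n In samples
    WScript.Echo IsValidName(n) & vbTab & "[" & FindDisallowed(n) & "]"
Next
```

Because the check names what is allowed instead of what is forbidden, a space-like character that nobody thought to list is rejected along with the rest.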
Neweguo 2006-1-12 0:55 AM
How to read Spaces
We often need to dynamically display content retrieved from files on web pages. If you have written a program such as a chat room or forum, what each speaker says is first stored in a text file and then displayed on the web page. However, the control that lets users enter content on the web page is a text box, and when the content of the text box is displayed on the page, characters such as spaces and line breaks are not shown, that is, there are no paragraphs. To display paragraphs on a web page, you must insert HTML markup at the spaces and line breaks of the text. See the following example.
Suppose the web page shows a chat room screen: we enter content in the text box and click "Submit" to display it on the page. If the text box is named text1, we can use the following method to display the text's line breaks and spaces.
<%
' ......
' ......
' HTML-encode first so that markup typed by the user is shown as text, not interpreted
str = Server.HTMLEncode(Request.QueryString("text1"))
str = Replace(str, Chr(32), "&nbsp;")
' Change each space to the &nbsp; entity.
str = Replace(str, vbCrLf, "<br>")
' Change each carriage return + line feed to the <br> tag.
Response.Write str
' ......
' ......
%>
After the above code runs, the line breaks in the text have been changed to line breaks that the browser can recognize, and the spaces have been replaced with &nbsp; entities. Chr(32) is a space, while vbCrLf is a carriage return followed by a line feed.
Neweguo 2006-1-12 0:55 AM
Chr(13) is a carriage return
(
Example: replace all carriage returns with <br/>
#Replace(foo, Chr(13), "<br/>", "all")#
)
Chr(10) is a line break
All tables about ASCII code: http://www.asciitable.com./
<cfscript>
/**
 * An enhanced version of the paragraph formatting function.
 * Replaces tabs with &nbsp; and supports multiple operating systems.
 * Rewrite and multi-OS support by Nathan Dintenfass.
 *
 * @param string  The string to format. (Required)
 * @return Returns a string.
 * @author Ben Forta (ben@forta.com)
 * @version 3, June 26, 2002
 */
function paragraphFormat2(str) {
    // First make Windows style into UNIX style
    str = Replace(str, Chr(13) & Chr(10), Chr(10), "all");
    // Now make Macintosh style into UNIX style
    str = Replace(str, Chr(13), Chr(10), "all");
    // Now fix tabs
    str = Replace(str, Chr(9), "&nbsp;&nbsp;&nbsp;", "all");
    // Now return the text formatted in HTML
    return Replace(str, Chr(10), "<br/>", "all");
}
</cfscript>