The escape characters most commonly used in ASP are: < (&lt;), > (&gt;), " (&quot;), ' (&#039;), etc. The code description is as follows.

Before form data is stored, the main thing to watch is ' (the single quote), because SQL string literals are delimited by single quotes. If the single quotes in the collected string are not processed, a SQL syntax error is easily produced. The approach is to write a unified handler function that replaces one single quote with two consecutive single quotes, such as:

    Function FormatText(ByVal theText)
        ' double every single quote so it stays a literal character inside the SQL string
        theText = Replace(theText, "'", "''")
        FormatText = theText
    End Function

When reading data from the database, special attention is paid to the handling of ", < and >, as follows.

Double quotes matter in the following situation:

    <% event_desc = rs("event_desc") %>
    <input type="text" name="event_desc" value="<%=event_desc%>">

If the value of rs("event_desc") is abc"test"123, the above statement ultimately becomes:

    <input type="text" name="event_desc" value="abc"test"123">

In IE the resulting error is obvious. To avoid this situation, it is suggested that the first statement above be replaced by:

    <% event_desc = Replace(rs("event_desc"), """", "&quot;") %>

Of course, if the output statement looks like the one below, the single quote also needs to be processed:

    <%
    event_desc = rs("event_desc")
    Response.Write "<input type='text' name='event_desc' value='" & event_desc & "'>"
    %>

"<" and ">" also need to be dealt with, and I would like to say more about this: otherwise, in the light case the web page layout is scrambled, and in the heavy case you fall into the trap of malicious code. In fact, as long as "<" is processed, the ">" of an HTML tag naturally no longer works. As for the processing method, besides Server.HTMLEncode(), if you want automatically added tags such as <BR> to remain useful, you can convert "<" to &lt; when the data is stored in the database, and then add the <BR> tags afterwards.
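The two escaping steps the text describes, rebuilt in Python as an added example (this is not the page's ASP code): format_text doubles single quotes before a value goes into a SQL string literal, html_encode plays the role of Server.HTMLEncode() on output, store_with_linebreaks follows the last suggestion of encoding before storage and adding <br> tags afterwards, and demo() runs the page's abc"test"123 case plus a single quote through an in-memory SQLite table so both the failure and the fix can be observed. The table name events, the column name event_desc and the sample value are constructed assumptions.

```python
"""Escaping rules from the page, reimplemented in Python (added example)."""

import html
import sqlite3


def format_text(text: str) -> str:
    """Counterpart of the page's FormatText(): one ' becomes '' so the value
    stays inside the SQL string literal instead of terminating it."""
    return text.replace("'", "''")


def html_encode(text: str) -> str:
    """Counterpart of Server.HTMLEncode(): & < > " and ' become entities."""
    return html.escape(text, quote=True)


def render_input_unsafe(value: str) -> str:
    # the page's first snippet: value="<%=event_desc%>" with no escaping
    return f'<input type="text" name="event_desc" value="{value}">'


def render_input_safe(value: str) -> str:
    # the page's fix, generalised: every special character is encoded, not only "
    return f'<input type="text" name="event_desc" value="{html_encode(value)}">'


def store_with_linebreaks(text: str) -> str:
    """Encode on the way into the database, then add the <br> tags yourself so
    they remain real tags while a user-supplied < is neutralised."""
    return html_encode(text).replace("\n", "<br>")


def insert_event(conn: sqlite3.Connection, desc: str, escape: bool) -> bool:
    """Build the INSERT by string concatenation, as the ASP code on the page does.
    Returns True if the statement ran, False if the stray quote broke the SQL."""
    value = format_text(desc) if escape else desc
    sql = f"INSERT INTO events (event_desc) VALUES ('{value}')"  # hypothetical table
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:  # syntax error caused by the unescaped quote
        return False


def demo() -> dict:
    """Run both scenarios on an in-memory database and return the observations."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (event_desc TEXT)")
    raw = 'abc"test"123 O\'Brien <script>'  # constructed sample value
    unescaped_ok = insert_event(conn, raw, escape=False)
    escaped_ok = insert_event(conn, raw, escape=True)
    stored = conn.execute("SELECT event_desc FROM events").fetchone()[0]
    return {
        "unescaped_insert_ok": unescaped_ok,   # False: O'Brien ends the literal early
        "escaped_insert_ok": escaped_ok,       # True: O''Brien is accepted
        "round_trip": stored == raw,           # the doubled quote is stored as one quote
        "unsafe_html": render_input_unsafe(stored),
        "safe_html": render_input_safe(stored),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe rendering shows the attribute boundary breaking exactly as the page describes, and the safe rendering shows why the single quote must be encoded as well once the attribute is delimited with ' instead of ". Quote doubling repairs the SQL syntax, but where the data access layer supports it, passing the value as a parameter (ADODB.Command parameters in classic ASP) keeps user input out of the statement text altogether.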