实现效果:通过对特殊字符的转换,可以提高数据的安全性。注意:字符替换和关键字过滤只是辅助手段,访问数据库时仍应使用参数化查询。
代码如下:
<%
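Function FormatHTML(fString)
    ' Purpose: make a user-supplied string safe to print into an HTML page by
    ' replacing markup-significant characters with entities and converting
    ' line breaks to <P>/<BR> tags.
    '
    ' Parameter: fString - the raw text. It is no longer modified in place:
    '            VBScript passes arguments ByRef by default, so the original
    '            code overwrote the caller's variable with the encoded text.
    ' Returns:   the encoded text, or "" when fString is empty.
    '
    ' NOTE(review): the published listing had its HTML entities decoded and
    ' contained stray markup fragments, which turned several replacements into
    ' no-ops (for example ">" replaced by ">"). The entity literals below
    ' (&#59; &gt; &lt; &nbsp; &quot; &#39;) are restored from context - confirm
    ' against the original source.
    '
    ' NOTE(review): this is output encoding for HTML only. It is not a defence
    ' against SQL injection; database access should use parameterized queries.
    ' "&" is not encoded here, so entities already present in the input are
    ' passed through unchanged. Server.HTMLEncode is the built-in alternative
    ' for encoding HTML body text.
    Dim sText

    FormatHTML = ""
    If fString <> "" Then
        sText = Trim(fString)

        ' The semicolon has to be handled first: every entity inserted below
        ' ends in ";" and would otherwise be rewritten again.
        sText = Replace(sText, ";", "&#59;")      ' semicolon
        sText = Replace(sText, "--", "——")        ' double hyphen becomes a full-width dash
        sText = Replace(sText, "%20", "")         ' drop the literal text "%20"
        sText = Replace(sText, "==", "")          ' drop the literal text "=="

        ' Markup-significant characters.
        sText = Replace(sText, ">", "&gt;")
        sText = Replace(sText, "<", "&lt;")
        sText = Replace(sText, Chr(32), "&nbsp;") ' space
        sText = Replace(sText, Chr(9), "&nbsp;")  ' tab
        sText = Replace(sText, Chr(34), "&quot;") ' double quote
        sText = Replace(sText, Chr(39), "&#39;")  ' single quote

        ' Line breaks: CR is removed, a blank line starts a new paragraph,
        ' and any remaining LF becomes a <BR>.
        sText = Replace(sText, Chr(13), "")
        sText = Replace(sText, Chr(10) & Chr(10), "</P><P>&nbsp;")
        sText = Replace(sText, Chr(10), "<BR>&nbsp;")

        FormatHTML = sText
    End If
End Function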
%>
第二种代码:
<%
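Function ChkInvaildWord(Words)
    ' Purpose: report whether Words contains any entry of a fixed block list.
    '
    ' Parameter: Words - the text to check; it is trimmed and lower-cased
    '            before matching, so the comparison is case-insensitive.
    ' Returns:   True when a listed entry occurs anywhere in Words,
    '            False otherwise.
    '
    ' The entries are separated by "|". A trailing "|" is not required: it
    ' would produce an empty entry, and InStr returns 1 for an empty search
    ' string, which would flag every non-empty input. Empty entries are
    ' therefore skipped.
    '
    ' NOTE(review): matching is by substring, so ordinary text is flagged too
    ' (any comma, any "@", words that merely contain "select"), and the list is
    ' not exhaustive. Treat this as an extra input check only; SQL statements
    ' should be built with parameterized queries rather than relying on it.
    Const InvaildWords = "select|update|delete|insert|@|--|,"

    ' Declared locally so the loop counter and work variables do not leak
    ' into (or overwrite) page-level variables of the same name.
    Dim arrEntries, sInput, idx

    ' Start from True so that leaving the function early keeps the input
    ' flagged; the result is cleared only after every entry has been checked.
    ChkInvaildWord = True

    arrEntries = Split(InvaildWords, "|")
    sInput = LCase(Trim(Words))

    For idx = LBound(arrEntries) To UBound(arrEntries)
        If arrEntries(idx) <> "" Then
            If InStr(sInput, arrEntries(idx)) > 0 Then
                ChkInvaildWord = True
                Exit Function
            End If
        End If
    Next

    ChkInvaildWord = False
End Function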
%>