'*******************************************************************************
'Author: Loster (OICQ: 181306) [If reproduced, please do not delete this information, thank you]
'Function name: s_request()
'Auxiliary function: r_reader()
'Purpose: filter illegal characters to prevent SQL injection.
'Parameter: s_str: name of the incoming request variable, type: string
'Return value: the filtered value.
'*******************************************************************************
Const c_sqlstr = "',count,user,user,count,1=1,and 2=2" 'Sequence of strings to filter, each string separated by ","
Dim Reader

'Split f_str-separated list r_str into the module-level array Reader,
'trim every entry, and return the upper bound of the array.
Function r_reader(r_str, f_str)
    Dim i
    If r_str = "" Or f_str = "" Then
        'Nothing to split: leave an empty array so callers loop zero times and Erase still works
        Reader = Array()
        r_reader = -1
        Exit Function
    End If
    Reader = Split(r_str, f_str)
    For i = 0 To UBound(Reader, 1)
        Reader(i) = CStr(Trim(Reader(i)))
    Next
    r_reader = UBound(Reader, 1)
End Function

'Read request variable s_str and strip every string listed in c_sqlstr, then double quotes.
'Note: Replace() is case-sensitive by default, so matching is exact.
Function S_Request(s_str)
    Dim Temp, i
    If s_str = "" Then
        Exit Function
    End If
    Temp = Request(s_str)
    For i = 0 To r_reader(c_sqlstr, ",")
        Temp = Replace(Temp, CStr(Reader(i)), "")
    Next
    Temp = Replace(Temp, Chr(34), "")
    S_Request = CStr(Trim(Temp))
    Erase Reader
End Function
Usage:
For example, where you would write a statement such as:
A = Request("a")
now write:
A = S_Request("a")
and the illegal-string filtering is applied.
Of course, you can also write it this way:
'Variant: instead of silently stripping the input, stop the response
'as soon as any listed string is found.
Function S_Request(s_str)
    Dim Temp, i, Temp1
    If s_str = "" Then
        Exit Function
    End If
    Temp = CStr(Request(s_str))
    Temp1 = Temp
    For i = 0 To r_reader(c_sqlstr, ",")
        Temp = Replace(Temp, CStr(Reader(i)), "")
        If Temp1 <> Temp Then
            Response.Write("Please do not enter illegal characters!")
            Response.End
        End If
    Next
    Temp = Replace(Temp, Chr(34), "")
    S_Request = CStr(Temp)
    Erase Reader
End Function
This way an error message is returned to the user instead of a silently altered value.
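As an added example (not part of the original page), the filter above is ported to Python so its behaviour on sample inputs can be checked offline: it shows that substring blacklisting with the page's c_sqlstr list mangles legitimate words that contain a listed token and, because VBScript Replace() is case-sensitive, leaves differently-cased keywords untouched. The `case_insensitive` flag is my addition to show what normalised matching would change.

```python
import re

# The page's filter list, reproduced from c_sqlstr (duplicates kept as on the page).
C_SQLSTR = "',count,user,user,count,1=1,and 2=2"


def r_reader(r_str: str, f_str: str) -> list[str]:
    """Port of r_reader(): split the filter list on f_str and trim each entry."""
    if not r_str or not f_str:
        return []
    return [part.strip() for part in r_str.split(f_str)]


def s_request(value: str, case_insensitive: bool = False) -> str:
    """Port of S_Request(): remove every listed token, then double quotes, then trim.

    The page's VBScript uses Replace(), which is case-sensitive; case_insensitive=True
    is an added option showing the effect of matching keywords the way SQL does.
    """
    out = value
    for token in r_reader(C_SQLSTR, ","):
        if case_insensitive:
            out = re.sub(re.escape(token), "", out, flags=re.IGNORECASE)
        else:
            out = out.replace(token, "")
    out = out.replace('"', "")  # Chr(34)
    return out.strip()


def filter_report(value: str) -> dict:
    """Compare the page's exact-match filter with case-insensitive matching for one input."""
    return {
        "input": value,
        "filtered": s_request(value),
        "filtered_ci": s_request(value, case_insensitive=True),
        "changed": s_request(value) != value,
    }


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate name, a legitimate word, and a cased keyword.
    for sample in ("o'brien", "discount", "USER"):
        print(filter_report(sample))
```

The proper mitigation is to pass user input as parameters of a prepared statement (ADO Command parameters in classic ASP) rather than rely on a blacklist; this filter is at best an additional layer.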