sql过滤单引号遇到个小问题
<!--#include file="conn.asp"--><%Function SafeRequest(ParaName) Dim ParaValue ParaValue=replace(ParaValue, "'", "'") 'ParaValue=replace(ParaValue," " ","'") SafeRequest=ParaValue End function title=trim(request.form("title"))content=trim(request.form("content"))tilte=saferequest(title)content=saferequest(content)response.write titleresponse.write "<br/>"response.write contentresponse.write "<br/>"sql="insert into pro(title,content)values('"&title&"','"&content&"')"response.write sqlresponse.endconn.execute sql,adExecuteNoRecordsresponse.write"<script language=javascript>alert('ok!');window.location.href='index.asp';</script>"%>
Function SafeRequest([color=#FF0000]ParaName[/color]) Dim ParaValue ParaValue=replace([color=#FF0000]ParaValue[/color], "'", "'") 'ParaValue=replace(ParaValue," " ","'") SafeRequest=ParaValue End function
[解决办法]
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=replace(ParaValue, "'", "'")
'ParaValue=replace(ParaValue," " ","'")
SafeRequest=ParaValue
End function