sql过滤单引号遇到个小疑点

2012-02-24

sql过滤单引号遇到个小问题VBScript code!--#include fileconn.asp--%FunctionSafeRequest(ParaName

sql过滤单引号遇到个小问题

VBScript code

<!--#include file="conn.asp"--><%Function   SafeRequest(ParaName)     Dim   ParaValue     ParaValue=replace(ParaValue, "'", "&#39")     'ParaValue=replace(ParaValue," " ","&#39")    SafeRequest=ParaValue End   function title=trim(request.form("title"))content=trim(request.form("content"))tilte=saferequest(title)content=saferequest(content)response.write titleresponse.write "<br/>"response.write contentresponse.write "<br/>"sql="insert into pro(title,content)values('"&title&"','"&content&"')"response.write sqlresponse.endconn.execute sql,adExecuteNoRecordsresponse.write"<script language=javascript>alert('ok!');window.location.href='index.asp';</script>"%>

[解决办法]

VBScript code

Function   SafeRequest([color=#FF0000]ParaName[/color])     Dim   ParaValue     ParaValue=replace([color=#FF0000]ParaValue[/color], "'", "&#39")     'ParaValue=replace(ParaValue," " ","&#39")    SafeRequest=ParaValue End   function
[解决办法]
Function   SafeRequest(ParaName)  
   Dim   ParaValue  
   ParaValue=replace(ParaValue, "'", "&#39")  
   'ParaValue=replace(ParaValue," " ","&#39")
   SafeRequest=ParaValue  
End   function

热点排行

vbScript

sql过滤单引号遇到个小疑点