```vbscript
' Filter a numeric parameter: returns a Long in the range 0..2147483647, or 0 on bad input.
function killn(byval s1)
    if not isnumeric(s1) then
        killn = 0
    else
        ' Convert before comparing: VBScript orders a string variant against a number
        ' as "string is greater", which would make the range check useless for
        ' request values (they always arrive as strings).
        if cdbl(s1) < 0 or cdbl(s1) > 2147483647 then
            killn = 0
        else
            killn = clng(s1)
        end if
    end if
end function

' Filter a currency parameter: returns the value formatted with two decimals, or 0 on bad input.
function killc(byval s1)
    if not isnumeric(s1) then
        killc = 0
    else
        ' FormatNumber(value, 2 decimals, leading digit on, no parentheses for negatives, no digit grouping)
        killc = formatnumber(s1, 2, -1, 0, 0)
    end if
end function

' Filter a string parameter: strips single quotes and surrounding whitespace.
function killw(byval s1)
    if len(s1) = 0 then
        killw = ""
    else
        killw = trim(replace(s1, "'", ""))
    end if
end function

' Filter all dangerous characters, including cross-site scripting payloads, by
' HTML-escaping them. "&" is escaped first so that the entities produced by the
' later replacements are not themselves re-escaped.
function killbad(byval s1)
    if len(s1) = 0 then
        killbad = ""
    else
        s1 = trim(s1)
        s1 = replace(s1, "&", "&amp;")
        s1 = replace(s1, "<", "&lt;")
        s1 = replace(s1, ">", "&gt;")
        s1 = replace(s1, chr(34), "&quot;")
        s1 = replace(s1, chr(39), "&#39;")
        s1 = replace(s1, chr(13), "")          ' drop carriage returns
        s1 = replace(s1, chr(10), "<br>")      ' a line feed becomes a line break
        s1 = replace(s1, chr(32), "&nbsp;")    ' keep runs of spaces visible
        killbad = s1
    end if
end function
```
Used properly, these four functions can basically block SQL injection.
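As an added example that is not part of the original post: how the four helpers above would typically be applied at the boundary of an ASP request handler. The sanitized values are still bound as ADODB parameters rather than concatenated into the SQL text, so the helpers act as a second layer in front of the database. The include file name, the `Products` table and its columns, the `ConnectionString` application variable and the parameter names are all assumptions for illustration only.

```vbscript
<%
Option Explicit
' The four helper functions from the post are assumed to live in filter.inc (hypothetical name):
' <!-- #include file="filter.inc" -->

' ADO constants normally supplied by adovbs.inc; defined inline so the page is self-contained.
Const adInteger = 3
Const adCurrency = 6
Const adVarChar = 200
Const adParamInput = 1

Dim productId, maxPrice, keyword, note
productId = killn(Request.QueryString("id"))        ' Long in 0..2147483647, or 0
maxPrice  = killc(Request.QueryString("maxprice"))  ' "12.50" style string, or 0
keyword   = killw(Request.QueryString("q"))         ' single quotes stripped, trimmed
note      = killbad(Request.Form("note"))           ' HTML-escaped, safe to echo back

Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnectionString")           ' assumed to be set in global.asa

' Bound parameters: the database never sees user input as part of the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT Name, Price FROM Products WHERE Id = ? AND Price <= ? AND Name LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , productId)
cmd.Parameters.Append cmd.CreateParameter("maxprice", adCurrency, adParamInput, , CCur(maxPrice))
cmd.Parameters.Append cmd.CreateParameter("q", adVarChar, adParamInput, 50, "%" & keyword & "%")
Set rs = cmd.Execute

' Values read back from the database are encoded on output as well.
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Name")) & " - " & rs("Price") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close

' killbad output is already entity-escaped, so it can be written directly.
Response.Write "<p>" & note & "</p>"
%>
```

Note that `killw` only removes single quotes, and `killc` returns a locale-formatted string (so `CCur` is applied before binding); for that reason the parameter binding, not the helpers, is what keeps the query text fixed.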