过滤sql特殊字符

现在的位置: 首页 > 综合 > 正文

过滤sql特殊字符

2013年09月15日 ⁄ 综合 ⁄ 共 2640字 ⁄ 字号小中大 ⁄ 评论关闭

function POP_sqlin(text)
  if isnull(text) then
    POP_sqlin=""
    exit function
  end if

  dim Sqlwords
  Set Sqlwords=new RegExp
  Sqlwords.IgnoreCase =True
  Sqlwords.Global=True

  Sqlwords.Pattern="(')"
  text=Sqlwords.Replace(text,"''")
  Sqlwords.Pattern="(;)"
  text=Sqlwords.Replace(text,"；")
  Sqlwords.Pattern="(%)"
  text=Sqlwords.Replace(text,"％")
  Sqlwords.Pattern="(and)"
  text=Sqlwords.Replace(text,"ａｎｄ")
  Sqlwords.Pattern="(exec)"
  text=Sqlwords.Replace(text,"ｅｘｅｃ")
  Sqlwords.Pattern="(execute)"
  text=Sqlwords.Replace(text,"ｅｘｅｃｕｔｅ")
  Sqlwords.Pattern="(insert)"
  text=Sqlwords.Replace(text,"ｉｎｓｅｒｔ")
  Sqlwords.Pattern="(select)"
  text=Sqlwords.Replace(text,"ｓｅｌｅｃｔ")
  Sqlwords.Pattern="(delete)"
  text=Sqlwords.Replace(text,"ｄｅｌｅｔｅ")
  Sqlwords.Pattern="(update)"
  text=Sqlwords.Replace(text,"ｕｐｄａｔｅ")
  Sqlwords.Pattern="(count)"
  text=Sqlwords.Replace(text,"ｃｏｕｎｔ")
  Sqlwords.Pattern="(chr)"
  text=Sqlwords.Replace(text,"ｃｈｒ")
  Sqlwords.Pattern="(mid)"
  text=Sqlwords.Replace(text,"ｍｉｄ")
  Sqlwords.Pattern="(master)"
  text=Sqlwords.Replace(text,"ｍａｓｔｅｒ")
  Sqlwords.Pattern="(truncate)"
  text=Sqlwords.Replace(text,"ｔｒｕｎｃａｔｅ")
  Sqlwords.Pattern="(char)"
  text=Sqlwords.Replace(text,"ｃｈａｒ")
  Sqlwords.Pattern="(declare)"
  text=Sqlwords.Replace(text,"ｄｅｃｌａｒｅ")

Set Sqlwords=Nothing
POP_sqlin = text
end function

function POP_sqlout(text)
  if isnull(text) then
    POP_sqlout=""
    exit function
  end if
  text = Replace(text,"''","'")
  text = Replace(text,"；",";")
  text = Replace(text,"％","%")
  text = Replace(text,"ａｎｄ","and")
  text = Replace(text,"ｅｘｅｃ","exec")
  text = Replace(text,"ｅｘｅｃｕｔｅ","execute")
  text = Replace(text,"ｉｎｓｅｒｔ","insert")
  text = Replace(text,"ｓｅｌｅｃｔ","select")
  text = Replace(text,"ｄｅｌｅｔｅ","delete")
  text = Replace(text,"ｕｐｄａｔｅ","update")
  text = Replace(text,"ｃｏｕｎｔ","count")
  text = Replace(text,"ｃｈｒ","chr")
  text = Replace(text,"ｍｉｄ","mid")
  text = Replace(text,"ｍａｓｔｅｒ","master")
  text = Replace(text,"ｔｒｕｎｃａｔｅ","truncate")
  text = Replace(text,"ｃｈａｒ","char")
  text = Replace(text,"ｄｅｃｌａｒｅ","declare")
  POP_sqlout = text
end function

function HTMLEncode(popstring)
  if not isnull(popstring) then
  popstring = POP_sqlout(popstring)
  popstring = replace(popstring, ">", ">")
  popstring = replace(popstring, "<", "<")
  popstring = Replace(popstring, CHR(32), " ")
  popstring = Replace(popstring, CHR(9), " ")
  popstring = Replace(popstring, CHR(34), """)
  popstring = Replace(popstring, CHR(39), "'")
  popstring = Replace(popstring, CHR(10) & CHR(10), "</p><p> ")
  popstring = Replace(popstring, CHR(10), "<br /> ")
  popstring = Replace(popstring, CHR(36), "$")
  HTMLEncode = popstring
  end if
end function

【上篇】让背景小图不是拉伸而是多个重复（类似于将一张小图设置电脑桌面时的效果）
【下篇】六十六条经典禅语提升人生境界

作者: syren

该日志由 syren 于11年前发表在综合分类下，最后更新于 2013年09月15日.
转载请注明: 过滤sql特殊字符 | 学步园 +复制链接

抱歉!评论已关闭.

学步园

过滤sql特殊字符

作者: syren

书签

最新文章New

本站推荐

返回首页