SafeSQL.asp


用途

程式碼

<%
Function SafeSqlStr(Str)
	' Returns Str as a single-quoted SQL string literal, with every
	' apostrophe inside it doubled ('' is the standard SQL escape).
	'
	' Use the result only where the statement expects a string literal.
	' Doubling apostrophes is sufficient only on engines where the
	' apostrophe is the sole string metacharacter; an engine that also
	' treats the backslash as an escape character needs more than this.
	' Binding the value as a parameter (ADODB.Command) avoids the
	' question entirely and is the preferred approach.
	' NOTE(review): Replace() raises a runtime error on Null, so Null
	' values (e.g. from a recordset field) must be handled by the caller.
	Dim quoted
	quoted=Replace(Str,"'","''")
	SafeSqlStr="'" & quoted & "'"
End Function
 
Function SafeSqlLike(Str)
	' Returns Str as a quoted LIKE pattern of the form '%...%'
	' (a "contains" match), with apostrophes doubled.
	'
	' NOTE(review): only the apostrophe is escaped. The pattern
	' metacharacters % and _ (and [ on engines that support character
	' classes) are passed through and keep their wildcard meaning, so a
	' caller that needs a literal match has to escape them for its
	' database before calling this function.
	Dim pattern
	pattern=Replace(Str,"'","''")
	SafeSqlLike="'%" & pattern & "%'"
End Function
 
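Function SafeSqlInt(Var)
	' Converts Var to a whole number that can be concatenated into a SQL
	' statement without quoting. Returns 0 when Var is not numeric or
	' cannot be converted.
	'
	' CLng replaces CInt: CInt is 16-bit and raised an Overflow runtime
	' error for values outside -32768..32767, which IsNumeric does not
	' rule out (an id of 40000, for example). Input that CLng cannot
	' convert either now yields 0 instead of aborting the page.
	' IsNumeric also accepts fractional input; CLng rounds it, so the
	' result is always a whole number.
	SafeSqlInt=0
	If IsNumeric(Var) Then
		' Trap conversion errors locally so a hostile or oversized value
		' degrades to the 0 default rather than a runtime error.
		On Error Resume Next
		SafeSqlInt=CLng(Var)
		If Err.Number<>0 Then
			SafeSqlInt=0
			Err.Clear
		End If
		On Error GoTo 0
	End If
End Function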
 
Function SafeSqlDate(Var)
	' Returns a single-quoted date literal built from Var, or from
	' today's date when IsDate does not recognise Var as a date.
	'
	' The text between the quotes is CStr(CDate(...)), i.e. whatever
	' date format the server's locale produces.
	' NOTE(review): confirm the database reads that format the same way
	' (day/month order in particular). Invalid input silently becomes
	' today's date rather than an error.
	Dim dateValue
	If IsDate(Var) Then
		dateValue=CDate(Var)
	Else
		dateValue=Date()
	End If
	SafeSqlDate="'" & CStr(dateValue) & "'"
End Function
 
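Function SafeHtmlStr(Str)
	' Encodes Str for display as HTML text: escapes the markup
	' characters, turns every space into &nbsp; and every carriage
	' return (chr(13)) into <br />.
	'
	' Double and single quotes are escaped as well, so a value placed
	' inside a quoted attribute cannot close the attribute; the original
	' left both untouched. This is an HTML encoder only: it is not
	' sufficient for values written into script blocks, event handlers
	' or URLs.
	SafeHtmlStr=Str
	' The ampersand goes first so the entities produced below are not
	' escaped a second time.
	SafeHtmlStr=Replace(SafeHtmlStr,"&","&amp;")
	SafeHtmlStr=Replace(SafeHtmlStr,"<","&lt;")
	SafeHtmlStr=Replace(SafeHtmlStr,">","&gt;")
	SafeHtmlStr=Replace(SafeHtmlStr,"""","&quot;")
	SafeHtmlStr=Replace(SafeHtmlStr,"'","&#39;")
	SafeHtmlStr=Replace(SafeHtmlStr," ","&nbsp;")
	' Inserted after the escaping above so the generated tag stays markup.
	SafeHtmlStr=Replace(SafeHtmlStr,chr(13),"<br />")
End Function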
 
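Function SafeJsStr(Str)
	' Escapes Str for use inside a quoted JavaScript string literal.
	' The surrounding quotes are not added; the caller supplies them.
	'
	' Line feeds (chr(10)) are dropped and carriage returns (chr(13))
	' become the two characters \n, as before.
	SafeJsStr=Str
	' Backslashes are escaped first. The original left them alone, so an
	' input backslash could neutralise the backslash this function puts
	' in front of a quote and let that quote end the literal.
	SafeJsStr=Replace(SafeJsStr,"\","\\")
	SafeJsStr=Replace(SafeJsStr,chr(10),"")
	SafeJsStr=Replace(SafeJsStr,chr(13),"\n")
	SafeJsStr=Replace(SafeJsStr,"'","\'")
	SafeJsStr=Replace(SafeJsStr,"""","\""")
	' "<" is written as \x3C so the value cannot spell a closing script
	' tag when the literal sits in an inline script block; the string
	' value JavaScript sees is unchanged.
	SafeJsStr=Replace(SafeJsStr,"<","\x3C")
End Function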
%>