SafeSQL.asp
用途
- 自組 SQL 命令字串時，避免帶入的參數造成 SQL 資料隱碼攻擊。
程式碼
<% Function SafeSqlStr(Str) SafeSqlStr=Str SafeSqlStr=Replace(SafeSqlStr,"'","''") SafeSqlStr="'"+SafeSqlStr+"'" End Function Function SafeSqlLike(Str) SafeSqlLike=Str SafeSqlLike=Replace(SafeSqlLike,"'","''") SafeSqlLike="'%"+SafeSqlLike+"%'" End Function Function SafeSqlInt(Var) If (IsNumeric(Var)) Then SafeSqlInt=CInt(Var) Else SafeSqlInt=0 End If End Function Function SafeSqlDate(Var) If (IsDate(Var)) Then SafeSqlDate="'"+CStr(CDate(Var))+"'" Else SafeSqlDate="'"+CStr(Date())+"'" End If End Function Function SafeHtmlStr(Str) SafeHtmlStr=Str SafeHtmlStr=Replace(SafeHtmlStr,"&","&") SafeHtmlStr=Replace(SafeHtmlStr,"<","<") SafeHtmlStr=Replace(SafeHtmlStr,">",">") SafeHtmlStr=Replace(SafeHtmlStr," "," ") SafeHtmlStr=Replace(SafeHtmlStr,chr(13),"<br />") End Function Function SafeJsStr(Str) SafeJsStr=Str SafeJsStr=Replace(SafeJsStr,chr(10),"") SafeJsStr=Replace(SafeJsStr,chr(13),"\n") SafeJsStr=Replace(SafeJsStr,"'","\'") SafeJsStr=Replace(SafeJsStr,"""","\""") End Function %>