防sql注入函数
关键词:防sql注入函数,防sql注入,sql注入函数,防sql注入代码
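reString 是原始字符串,HTMLEncode 的返回值是转换后的字符串。注意:该函数做的是 HTML 实体编码和关键字替换,适用于把文本输出到页面;进入 SQL 语句的值应通过参数化查询(如 ADODB.Command 的参数)绑定,不能只依赖本函数来防止 SQL 注入。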
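' HTMLEncode: HTML-encodes a string for display and rewrites a fixed list of
' SQL keywords so that they no longer appear literally in the result.
'
' reString - the original string (may be Null).
' Returns  - the converted string. When reString is Null nothing is assigned
'            and the function returns Empty.
'
' NOTE(review): as published, the entity text inside the replacement strings
' had been decoded by the page renderer. That turned every Replace into a
' no-op and left the CHR(34) line as an unterminated string literal, so the
' listing did not even parse. The entities below are restored from what each
' line targets; the keyword replacements use a numeric character reference
' for one letter, which displays as the same word in HTML.
'
' NOTE(review): this is output encoding, not a SQL injection control. The
' keyword rewrite is a case-sensitive substitution over a fixed list, and
' quote characters are only converted to entities as a side effect of the
' HTML encoding. Values that reach a SQL statement should be bound as
' parameters (ADODB.Command with CreateParameter); keep this function for
' text that is written into an HTML page.
Function HTMLEncode(reString)
    Dim Str, pair
    Str = reString

    ' Trim(Null) yields Null, so a Null argument skips the whole body.
    If Not IsNull(Trim(Str)) Then
        ' "&" must be encoded first, otherwise the entities produced by the
        ' following lines would be encoded a second time.
        Str = Replace(Str, "&", "&amp;")
        Str = Replace(Str, ">", "&gt;")
        Str = Replace(Str, "<", "&lt;")
        Str = Replace(Str, Chr(34), "&quot;")
        Str = Replace(Str, Chr(39), "&#39;")

        ' Line breaks: drop CR, turn LF into an HTML line break.
        Str = Replace(Str, Chr(13), "")
        ' The published listing had six identical space-to-space replacements
        ' at this point. As rendered they change nothing, and the original
        ' whitespace patterns cannot be recovered from the page, so spaces
        ' are left untouched.
        Str = Replace(Str, Chr(10), "<br>")

        ' Keyword rewrite (default binary comparison, i.e. case-sensitive).
        For Each pair In Array( _
            Array("select", "sel&#101;ct"), _
            Array("join", "jo&#105;n"), _
            Array("union", "un&#105;on"), _
            Array("where", "wh&#101;re"), _
            Array("insert", "ins&#101;rt"), _
            Array("delete", "del&#101;te"), _
            Array("update", "up&#100;ate"), _
            Array("like", "lik&#101;"), _
            Array("drop", "dro&#112;"), _
            Array("create", "cr&#101;ate"), _
            Array("modify", "mod&#105;fy"), _
            Array("rename", "ren&#97;me"), _
            Array("alter", "alt&#101;r"), _
            Array("cast", "ca&#115;t"))
            Str = Replace(Str, pair(0), pair(1))
        Next

        HTMLEncode = Str
    End If
End Function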