來自http://www.player.idv.tw/prog/index.php/SafeSQL.asp的文章
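' Quote a value for direct interpolation into an SQL statement as a string
' literal: every embedded single quote is doubled and the result is wrapped
' in single quotes, so the database reads the whole value as one literal.
'   Str     - value to quote; Replace coerces non-strings to text. Null is
'             treated as an empty string (result is '').
'   Returns - the quoted literal, e.g. a'b -> 'a''b'
' Only the quote character is neutralised; this gives no protection in a
' numeric, identifier or LIKE-wildcard position. Where the data provider
' supports it, ADODB.Command parameters are the preferred alternative.
Function SafeSqlStr(Str)
    Dim Escaped
    ' Doubling ' is the SQL-standard way to embed a quote inside a literal.
    Escaped = Replace(Str, "'", "''")
    ' & is the string concatenation operator; + would try numeric addition on
    ' numeric-looking operands and propagate Null.
    SafeSqlStr = "'" & Escaped & "'"
End Function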
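' Quote a value for use as the pattern of an SQL LIKE clause: embedded
' single quotes are doubled and the result is wrapped as '%value%', so it
' matches anywhere inside the column.
'   Str     - value to search for; Replace coerces non-strings to text. Null
'             is treated as an empty string (result is '%%').
'   Returns - the quoted pattern, e.g. a'b -> '%a''b%'
' Only the quote character is neutralised. The LIKE wildcards % and _ (and [
' on SQL Server) in Str are still interpreted by the database; if a literal
' match is required, escape them in a DBMS-specific way (bracket escaping or
' an ESCAPE clause) before calling this function.
Function SafeSqlLike(Str)
    Dim Escaped
    ' Doubling ' is the SQL-standard way to embed a quote inside a literal.
    Escaped = Replace(Str, "'", "''")
    ' & rather than +: string concatenation without numeric coercion.
    SafeSqlLike = "'%" & Escaped & "%'"
End Function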
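' Coerce a value to a whole number that can be interpolated into SQL without
' quoting. Anything that is not numeric, or that does not fit a 32-bit
' integer, yields 0.
'   Var     - value to convert; IsNumeric decides whether it is accepted
'             (note that IsNumeric also admits forms such as "1.5" or "1e3",
'             which CLng then rounds/converts)
'   Returns - a Long, or 0 when Var is not numeric or is out of range
' CLng is used instead of CInt: CInt raises an Overflow error for any value
' above 32767, which a caller feeding it request data cannot easily avoid,
' and SQL INT columns are 32-bit anyway. For inputs that CInt accepted the
' numeric result is unchanged.
Function SafeSqlInt(Var)
    Dim N
    SafeSqlInt = 0
    If Not IsNumeric(Var) Then Exit Function
    ' CLng can still overflow (e.g. "9999999999"); map that to 0 like any
    ' other unusable input instead of aborting the page.
    On Error Resume Next
    N = CLng(Var)
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0
    SafeSqlInt = N
End Function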
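' Quote a value as an SQL date literal. If Var is not recognised as a date,
' the current server date is substituted rather than an error being raised.
'   Var     - value to convert; IsDate decides whether it is accepted
'   Returns - the date as a single-quoted string, e.g. '2024/01/05' (the exact
'             text depends on the server locale, see below)
' The literal is produced by CStr, so its day/month order and separators
' follow the process locale (or Session.LCID); the database may parse that
' differently. Emitting a fixed ISO-style yyyy-mm-dd form built from
' Year/Month/Day would be unambiguous but changes the output for every
' caller, so it is left as a deliberate follow-up.
Function SafeSqlDate(Var)
    Dim Text
    If IsDate(Var) Then
        ' CDate normalises the accepted input to a Date before formatting.
        Text = CStr(CDate(Var))
    Else
        ' Silent fallback to today; callers that need to reject bad input
        ' should check IsDate themselves before calling.
        Text = CStr(Date())
    End If
    ' & rather than +: string concatenation without numeric coercion.
    SafeSqlDate = "'" & Text & "'"
End Function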
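' Encode a value for output inside HTML so that markup characters in the
' data are displayed rather than interpreted, and so that spaces and line
' breaks in the data stay visible.
'   Str     - value to encode; Replace coerces non-strings to text, Null
'             passes through as Null
'   Returns - the encoded text: & < > " ' become entities, each space becomes
'             &nbsp;, each chr(13) becomes <br>
' The listing this was taken from had the entity strings collapsed back to
' the bare characters (e.g. "&" -> "&") and the <br> turned into a raw line
' break, which made every replacement a no-op and the last one a syntax
' error; the replacement strings below are the standard entities.
Function SafeHtmlStr(Str)
    Dim S
    S = Str
    ' & must be encoded first, otherwise the entities added below would be
    ' re-encoded.
    S = Replace(S, "&", "&amp;")
    S = Replace(S, "<", "&lt;")
    S = Replace(S, ">", "&gt;")
    ' Quotes are needed when the result is placed inside a quoted attribute
    ' value, which the bare < > encoding alone does not cover.
    S = Replace(S, """", "&quot;")
    S = Replace(S, "'", "&#39;")
    ' Keep runs of spaces as written in the source text.
    S = Replace(S, " ", "&nbsp;")
    ' Show line breaks; chr(10) is left untouched, so CRLF becomes <br> + LF.
    S = Replace(S, Chr(13), "<br>")
    SafeHtmlStr = S
End Function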
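' Escape a value for placement inside a quoted JavaScript string literal
' (single- or double-quoted) that is emitted into an inline <script> block.
'   Str     - value to escape; Replace coerces non-strings to text, Null
'             passes through as Null
'   Returns - the escaped text; the caller still supplies the surrounding
'             quotes. Not suitable for any other JS context (identifiers,
'             numbers, event-handler attributes, regex literals).
' Order matters: the backslash is handled first because every escape added
' afterwards introduces one, and an input backslash left alone would cancel
' the escape that follows it (e.g. \' would otherwise become \\' and close
' the literal). Line breaks are mapped to \n rather than only CR, so LF-only
' input no longer loses its newlines, and < is encoded so that "</script>"
' or "<!--" inside the data cannot end the script block.
Function SafeJsStr(Str)
    Dim S
    S = Str
    ' Backslash first (see the note above).
    S = Replace(S, "\", "\\")
    S = Replace(S, "'", "\'")
    S = Replace(S, """", "\""")
    ' A raw line break would terminate the literal; normalise CRLF, CR and
    ' LF to the \n escape sequence.
    S = Replace(S, vbCrLf, "\n")
    S = Replace(S, Chr(13), "\n")
    S = Replace(S, Chr(10), "\n")
    ' U+2028 / U+2029 are line terminators in JavaScript source as well.
    S = Replace(S, ChrW(8232), "\u2028")
    S = Replace(S, ChrW(8233), "\u2029")
    ' \x3C is "<" inside a JS string; the HTML parser does not see a tag.
    S = Replace(S, "<", "\x3C")
    SafeJsStr = S
End Function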