我想把留言添加上HTML格式过滤这一功能,该怎么弄?

谢谢~~~

[QUOTE]Function CheckStr(byVal ChkStr) '字符过滤
Dim Str:Str=ChkStr
Str=Trim(Str)
If IsNull(Str) Then
CheckStr = ""
Exit Function
End If
Dim re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="(\r\n){3,}"
Str=re.Replace(Str,"$1$1$1")
Set re=Nothing
Str = Replace(Str,"'","''")
Str = Replace(Str, "select", "select")
Str = Replace(Str, "join", "join")
Str = Replace(Str, "union", "union")
Str = Replace(Str, "where", "where")
Str = Replace(Str, "insert", "insert")
Str = Replace(Str, "delete", "delete")
Str = Replace(Str, "update", "update")
Str = Replace(Str, "like", "like")
Str = Replace(Str, "drop", "drop")
Str = Replace(Str, "create", "create")
Str = Replace(Str, "modify", "modify")
Str = Replace(Str, "rename", "rename")
Str = Replace(Str, "alter", "alter")
Str = Replace(Str, "cast", "cast")
Str = Replace(Str, "script", "script")
Str = Replace(Str, "src", "src")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "<", "<")
CheckStr=Str
End Function[/QUOTE]

调用方法：
CheckStr(Str)
如：
Content=CheckStr(Request.Form("content"))

这个函数该放什么位置?<head></head>之间吗?

还有这"Content=CheckStr(Request.Form("content")) "怎么理解?

你可以专门做一个页面(function.asp)
然后在要过滤字符的页面包含进来
<!--#include file="function.asp" -->

function.asp 页面代码如下(eg):

[QUOTE]<%

Function CheckStr(byVal ChkStr) '字符过滤
Dim Str:Str=ChkStr
Str=Trim(Str)
If IsNull(Str) Then
CheckStr = ""
Exit Function
End If
Dim re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="(\r\n){3,}"
Str=re.Replace(Str,"$1$1$1")
Set re=Nothing
Str = Replace(Str,"'","''")
Str = Replace(Str, "select", "sel&#101;ct")
Str = Replace(Str, "join", "jo&#105;n")
Str = Replace(Str, "union", "un&#105;on")
Str = Replace(Str, "where", "wh&#101;re")
Str = Replace(Str, "insert", "ins&#101;rt")
Str = Replace(Str, "delete", "del&#101;te")
Str = Replace(Str, "update", "up&#100;ate")
Str = Replace(Str, "like", "lik&#101;")
Str = Replace(Str, "drop", "dro&#112;")
Str = Replace(Str, "create", "cr&#101;ate")
Str = Replace(Str, "modify", "mod&#105;fy")
Str = Replace(Str, "rename", "ren&#097;me")
Str = Replace(Str, "alter", "alt&#101;r")
Str = Replace(Str, "cast", "ca&#115;t")
Str = Replace(Str, "script", "script")
Str = Replace(Str, "src", "src")
Str = Replace(Str, ">", ">")
Str = Replace(Str, "<", "<")
CheckStr=Str
End Function
%>[/QUOTE]

加入这函数后这样写行吗
if ly="" then

Response.write("请输入留言内容！")
Response.end
else
ly=CheckStr(Request.Form("ly"))
end if

不过第一行
if ly="" then '应该改为 if request("ly")="" then

Response.write("请输入留言内容！")
Response.end
else
ly=CheckStr(Request.Form("ly"))
end if

我前面有定义
dim ly
ly=trim(request("ly"))


可以实现了 ,我得改些过滤的字符

谢谢拉

你帮我解决不少问题

函数的这个定义"Dim Str:Str=ChkStr"怎么理解的?

第一个 str是字符数据类型
第二个 str是变量名

应该是这样的