[求助]如何替换掉非法字符，我在论坛上没有搜索到就来请教了
高手可以举例吗


还有就是替换非法字符的代码一般是放在处理信息的文件里还是放在输出信息的文件里呢
新手上路问题多多

txtSql=Replace(txtSql, "'", "＇")
txtSql=Replace(txtSql, "+", "＋")
txtSql=Replace(txtSql, "<", "＜")
txtSql=Replace(txtSql, ">", "＞")
txtSql=Replace(txtSql, "(", "（")
txtSql=Replace(txtSql, ")", "）")
txtSql=Replace(txtSql, "$", "＄")
txtSql=Replace(txtSql, "^", "︿")
txtSql=Replace(txtSql, "&", "＆")
txtSql=Replace(txtSql, "*", "＊")
txtSql=Replace(txtSql, "#", "＃")
txtSql=Replace(txtSql, "?", "？")
txtSql=Replace(txtSql, "!", "！")
应该是这样的，把英文的替换成中文的

如果是防SQL注入当然要放在处理信息文件中了

我不喜欢这样，因为这样没有真实感，而且不方便别人复杂代码。

能说说你的思路吗？我只会这个，还没有没的办法。

<%
'''''''''过滤字符
function filtrate(contentTemp,length)
length=Cint(length)
contentTemp=replace(contentTemp,"'","''")
contentTemp=replace(contentTemp,chr(34),"""")
contentTemp=replace(contentTemp,"&","&amp;")
contentTemp=replace(contentTemp," ","&nbsp;&nbsp;")
contentTemp=replace(contentTemp,"<","&lt;")
contentTemp=replace(contentTemp,">","&gt;")
if len(contentTemp)>length then
contentTemp=left(contentTemp,length)
end if
filtrate=contentTemp
end function
%>

写得不全，但我觉得过滤这几个就可以了。可以自己加

[此贴子已经被作者于2006-1-22 22:27:49编辑过]

也只能自己硬编码添加要过滤的字符，除非谁还有更好的办法。

太深傲了,天啊SAVE。ASP
<%
function filtrate(con,length)
length=Cint(length)
con=replace(con,"'","''")
con=replace(con,chr(34),"""")
con=replace(con,"&","&amp;")
con=replace(con," ","&nbsp;&nbsp;")
con=replace(con,"<","&lt;")
con=replace(con,">","&gt;")
if len(con)>length then
con=left(con,length)
end if
filtrate=con
end function
%>
<%
dim title,con
title=request.form("title")
con=request.form("con")
if trim(title)="" or trim(con)="" then
response.write"所填标题和内容不能为空"
end if
if len(request.form("title"))>5 or len(request.form("con"))>200 then
response.write"所填标题和内容过长"
end if
set rs= Server.CreateObject("adodb.recordset")
sql= "select * from guestbook"
rs.open sql,conn,1,3
rs.addnew
rs("title")=title
rs("con")=con
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
response.write("成功<A HREF=list.asp>返回</A>")
%>
这样吧

函数filtrate没用上啊

function checkStr(str)
str=replace(str,"'","")
Str=Replace(Str,chr(39),"") '过滤SQL注入
Str=Replace(Str,chr(91),"") '过滤SQL注入[
Str=Replace(Str,chr(93),"") '过滤SQL注入]
Str=Replace(Str,chr(37),"") '过滤SQL注入%
Str=Replace(Str,chr(59),"") '过滤SQL注入
Str=Replace(Str,chr(43),"") '过滤SQL注入;
Str=Replace(Str,chr(45),"") '过滤SQL注入+
Str=Replace(Str,chr(123),"") '过滤SQL注入{
Str=Replace(Str,chr(125),"") '过滤SQL注入}

checkStr=Str '返回经过上面字符替换后的Str
if isnull(str) then
checkStr = ""
exit function
end if
end function