如果要过滤非法字符,非法字符那么多,并且还有大小写,有的还用chr()那么多,要替换多少呀.
我认为要判断一下是字符还是数字,如果是数字,就不怕这些非法字符,如果是字符只需限制它们的长度,不就行了?
那个是什么?这样写对吗?
<%
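' con: bounds the length of a user-supplied string and neutralises the
' characters that are dangerous in HTML output.
'
' Parameters:
'   contentTemp - the submitted text (a string, Null, or a Request.Form item).
'                 VBScript passes arguments ByRef by default, so a variable
'                 passed here is updated in place, as in the original.
'   length      - maximum number of characters of the submitted text to keep.
' Returns:
'   The truncated, encoded string. Because encoding expands characters
'   ("<" becomes "&lt;"), the result can be longer than `length`; size the
'   destination column for the encoded form.
'
' Fixes relative to the original:
'   * the result was assigned to "com", so the function always returned Empty;
'   * "&" was encoded after the double quote, which would re-encode the "&" of
'     an entity that had just been produced;
'   * truncation ran after encoding and could cut an entity or a doubled
'     quote in half, leaving a lone "'" or a broken "&lt" at the end.
function con(contentTemp,length)
    ' CLng rather than CInt: CInt raises an overflow error above 32767.
    length = CLng(length)
    ' Left() raises an error on a negative length; treat it as "keep nothing".
    if length < 0 then length = 0

    ' Coerce to a plain string; Null and Empty both become "".
    contentTemp = contentTemp & ""

    ' Truncate the raw text before encoding so that no escape sequence is split.
    if len(contentTemp) > length then
        contentTemp = left(contentTemp, length)
    end if

    ' "&" must be encoded first, otherwise the entities produced below would
    ' themselves be re-encoded.
    contentTemp = replace(contentTemp, "&", "&amp;")
    ' NOTE(review): the posted code replaced chr(34) with a bare quote and a
    ' space with a space (both no-ops); presumably the entities were decoded
    ' when the post was rendered. Confirm "&quot;" / "&nbsp;" are intended.
    contentTemp = replace(contentTemp, chr(34), "&quot;")
    contentTemp = replace(contentTemp, "<", "&lt;")
    contentTemp = replace(contentTemp, ">", "&gt;")
    contentTemp = replace(contentTemp, " ", "&nbsp;")

    ' Quote doubling only matters when the value is concatenated into an SQL
    ' string literal. When the value is written through a recordset field or a
    ' bound parameter, the doubled quote is stored literally; prefer bound
    ' parameters over string-built SQL and drop this step there.
    contentTemp = replace(contentTemp, "'", "''")

    con = contentTemp
end function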
%>
<%
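' Handles the guestbook form post: reads "title" and "con" from the submitted
' form, rejects the post if either is blank, otherwise appends one row to the
' guestbook table and prints a link back to list.asp.
'
' The local variable is named "content" rather than "con": a page-level
' "dim con" collides with a function named con when both are in the same page
' ("Name redefined"). The form field and the column are still called "con".
dim title, content
title = request.form("title")
content = request.form("con")

if trim(title) = "" or trim(content) = "" then
    response.write"所填标题和内容不能为空"
else
    ' NOTE(review): the values are stored exactly as submitted. Assigning them
    ' to recordset fields passes them as data, not as SQL text, so no quote
    ' escaping is needed here. They are still untrusted: the page that displays
    ' them (list.asp, not shown) must encode them on output, e.g. with
    ' Server.HTMLEncode, and a server-side length limit matching the column
    ' sizes should be enforced before the update.
    set rs = Server.CreateObject("adodb.recordset")
    ' "where 1=0" opens an empty, updatable recordset; the original pulled
    ' every existing row just to append one.
    sql = "select * from guestbook where 1=0"
    ' 1 = adOpenKeyset, 3 = adLockOptimistic; conn is defined outside this block.
    rs.open sql, conn, 1, 3
    rs.addnew
    rs("title") = title
    rs("con") = content
    rs.update
    rs.close
    set rs = nothing
    conn.close
    set conn = nothing
    response.write("<A HREF=list.asp>返回</A>")
end if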
%>