我这是ASP的代码；如果你用的是别的语言，可以到网上找防注入代码，现在网上有的是。
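' Prevent SQL injection: legacy blacklist filter for a value that will be
' placed inside a single-quoted SQL string literal.
'
' Parameters:
'   str - the raw value (typically request input); may be Null.
' Returns:
'   "" when str is Null; otherwise the filtered string.
'
' NOTE(review): a blacklist like this is defence in depth at best. It does not
' protect values used outside a quoted literal (for example numeric ids), and
' it alters legitimate text ("discount" contains "count"). Bind values with
' parameterized ADODB.Command queries wherever the query itself can be changed.
Function checkStr(str)
    Dim cleaned, marker, keyword

    If IsNull(str) Then
        checkStr = ""
        Exit Function
    End If

    ' Each step works on the result of the previous one. The earlier version
    ' applied every Replace to the untouched str, so only the last rule
    ' ("drop") ever took effect and quotes were returned unescaped.
    cleaned = Replace(str, " ", "")

    ' Separator, comment and bracket characters are mapped to a quote
    ' character, the same substitution the original rules specified.
    For Each marker In Array(";", "--", "(", "[", "$")
        cleaned = Replace(cleaned, marker, "'")
    Next

    ' Keywords are blanked with a case-insensitive comparison (vbTextCompare);
    ' the default binary comparison would let "SELECT" or "Drop" through.
    For Each keyword In Array("asc", "mid", "select", "count", "update", "delete", "drop")
        cleaned = Replace(cleaned, keyword, " ", 1, -1, vbTextCompare)
    Next

    ' Quote doubling runs last so that the quotes substituted above are escaped
    ' together with the ones from the input. Doing it earlier would leave
    ' unpaired quotes in the result.
    cleaned = Replace(cleaned, "'", "''")

    checkStr = cleaned
End Function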