<%
' Character filter
function changechr(str)
    ' Pass 1: remove angle brackets, carriage returns (chr(13)) and spaces
    changechr = replace(replace(replace(replace(str, "<", ""), ">", ""), chr(13), ""), " ", "")
    ' Pass 2: remove single quotes, double quotes (chr(34)) and the words insert / and
    changechr = replace(replace(replace(replace(changechr, "'", ""), chr(34), ""), "insert", ""), "and", "")
    ' Pass 3: remove select / update / delete%20from / exec
    changechr = replace(replace(replace(replace(changechr, "select", ""), "update", ""), "delete%20from", ""), "exec", "")
    ' Pass 4: remove mid / truncate / declare and the asterisk
    changechr = replace(replace(replace(replace(changechr, "mid", ""), "truncate", ""), "declare", ""), "*", "")
end function
%>

I only know that this code does character filtering. Could someone explain it in detail?
changechr=replace(replace(replace(replace(str,"<",""),">",""),chr(13),"")," ","")

I will only explain this one line, starting from the innermost call.

replace(str,"<","") replaces every "<" character in the string variable str with an empty string. So if str is abc<123>456, after filtering it becomes abc123>456.

replace(replace(str,"<",""),">","") first filters the < symbol out of str as above, then filters the > symbol: str first becomes abc123>456 and then abc123456.

This method can be used to avoid SQL injection and other security problems.
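As an added example (not part of the question or the answer), the filter ported to Python so the order of the nested replace() calls can be traced on sample inputs, next to a parameterized INSERT through sqlite3 that stores the same inputs without altering them. FILTER_STEPS, store_with_parameters and the sample strings are constructed for this illustration.

```python
import sqlite3

# Python port of the question's changechr() (added example, not the original ASP).
# VBScript Replace() is case-sensitive by default and makes a single pass per
# call, so each token below is removed once, in this order.
FILTER_STEPS = [
    "<", ">", "\r", " ",                          # chr(13) is "\r"
    "'", '"', "insert", "and",                    # chr(34) is the double quote
    "select", "update", "delete%20from", "exec",
    "mid", "truncate", "declare", "*",
]

def changechr(s: str) -> str:
    """Apply the nested replace() calls innermost-first, as the ASP code does."""
    for token in FILTER_STEPS:
        s = s.replace(token, "")
    return s

def store_with_parameters(value: str) -> str:
    """Insert value through a bound parameter and read it back unchanged.
    The driver sends the value separately from the SQL text, so nothing is stripped."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT)")
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    (stored,) = conn.execute("SELECT body FROM notes").fetchone()
    conn.close()
    return stored

# Constructed sample inputs: the answer's worked example plus ordinary user data
# that happens to contain filtered substrings.
SAMPLES = {
    "abc<123>456": "abc123456",   # the answer's example: "<" then ">" removed
    "Alexander": "Alexer",        # "and" removed from inside a name
    "O'Brien": "OBrien",          # apostrophe dropped from a legitimate surname
    "mid-term update": "-term",   # space, "update", then "mid" removed
}

def main() -> None:
    for raw, expected in SAMPLES.items():
        filtered = changechr(raw)
        assert filtered == expected
        stored = store_with_parameters(raw)
        print(f"{raw!r:18} filter -> {filtered!r:12} parameterized -> {stored!r}")

if __name__ == "__main__":
    main()
```

Running it shows the blacklist silently changing legitimate values such as names, while the bound parameter stores each string exactly as entered.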