SQL防注入
'替换登陆名中的单引号和双引号 Dim UserID, UserPWD As String UserID = txtUid.Text UserPWD = txtPwd.Text UserID = Replace(UserID, Chr(39), "'") UserID = Replace(UserID, Chr(34), """) UserPWD = Replace(UserPWD, Chr(39), "'") UserPWD = Replace(UserPWD, Chr(34), """) ' NB联盟防注入函数 ReqNum / ReqStr '--------------------------------------------------------------- Function ReqNum ( StrName ) ReqNum = Request ( StrName ) if Not isNumeric ( ReqNum ) then Response.Write "参数必须为数字型!" Response.End End if End Function Function ReqStr ( StrName ) ReqStr = Replace ( Request(StrName), "'", "''" ) End Function 以上面三句SQL语句