admin數據庫查詢中的特殊字符的問題
查詢數據庫時,經常會遇到以下情況:
比如你想在某個用戶的數據庫中查詢某個用戶的用戶名和密碼,但是該用戶使用的用戶名和密碼中有特殊字符,比如單引號、|、雙引號或者連字符“&”。
比如他的名字是1"test,密碼是A|&900
這時儅你執行下麪的查詢語句時,肯定會報錯:[/Br/]SQL =" select * from security level where uid ="" & userid &""[/Br/]SQL = SQL &" and pwd ="" & password &""[/Br/]因爲你的SQL會是這樣:[/Br/]select * from security level where uid =" 1" test" and pw現在提供了以下函數來処理這些問題:
函數replacestr (textin,byval search str as string,_
ByVal Replacement As String,_
ByVal comp mode As Integer)
Dim WorkText As String,Pointer As Integer
If is Null(TextIn)Then
ReplaceStr = Null
Else
work text = TextIn
Pointer = InStr(1,work text,search str comp mode)
Loop
ReplaceStr = work text
End If
End Function SQLFixup(TextIn)
SQLFixup = ReplaceStr(TextIn,""","""",0)
End Function
Function JetSQLFixup(TextIn)
Dim Temp
Temp = ReplaceStr(TextIn,""","",0)
jetsq
0條評論