
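How do I filter the 'or'='or' vulnerability?

Popularity: 257   Posted: 2012-03-25 20:55:17.0
How can I filter the 'or'='or' vulnerability?
How do I filter certain specific characters, such as "=" and "'"?
Please explain in detail.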

------Solution--------------------
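<%

Function cs(s, n)
    ' SQL injection guard. n: 1 = numeric, 0 = string, 2 = ID parameter type
    ' Returns Boolean: True when s matches the pattern for type n
    Dim r, p
    Set r = New RegExp
    If n = 0 Then
        ' One or more characters, none of them a single or double quote
        p = "^[^'""]+$"
    ElseIf n = 1 Then
        ' Digits only
        p = "^\d+$"
    Else
        ' Comma-separated list of positive integers
        p = "^\d*[1-9]\d*(,\s*\d*[1-9]\d*)*$"
    End If
    r.Pattern = p
    cs = r.Test(s)
    Set r = Nothing
End Function


' conn is an ADODB.Connection opened elsewhere on the page
admin = Request.Form("admin")
password = Request.Form("password")

' admin is checked as a string (type 0), password as an ID list (type 2)
If cs(admin, 0) And cs(password, 2) Then
    sql = "select * from admin where admin='" & admin & "' and password='" & password & "'"
    Set rs = conn.Execute(sql)
    If rs.EOF Or rs.BOF Then
        ' Alert text: "Incorrect username or password!"
        Response.Write "<script language=javascript>"
        Response.Write "alert('用户或密码不对!');"
        Response.Write "javascript:history.go(-1);"
        Response.Write "</script>"
    Else
        Session("admin") = admin
        Response.Redirect "admin_manage.asp"
    End If
Else
    ' Message text: "Invalid parameter (must not be empty)..."
    Response.Write "参数不合法(不允许为空)..."
End If
%>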
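
An added example, not part of the original answer: the same login check written with bound parameters through ADODB.Command, so that input such as 'or'='or' is compared as literal text and never parsed as SQL. It assumes `conn` is an open ADODB.Connection as in the answer above; `CheckLogin` and `MAX_LEN` (an assumed column width of 50) are hypothetical names.

```vbscript
<%
' Added example: login check with bound parameters instead of string
' concatenation. Assumes conn is an open ADODB.Connection (as in the post).
' Omit these three constants if the page already includes adovbs.inc.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const MAX_LEN = 50   ' assumed column width, adjust to the real schema

Function CheckLogin(conn, admin, password)
    Dim cmd, rs
    CheckLogin = False
    ' Reject empty or oversized input before it reaches the driver.
    If Len(admin) = 0 Or Len(admin) > MAX_LEN Then Exit Function
    If Len(password) = 0 Or Len(password) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? markers are filled, in order, by the parameters appended below.
    cmd.CommandText = "select admin from admin where admin = ? and password = ?"
    cmd.Parameters.Append cmd.CreateParameter("admin", adVarChar, adParamInput, MAX_LEN, admin)
    cmd.Parameters.Append cmd.CreateParameter("password", adVarChar, adParamInput, MAX_LEN, password)

    Set rs = cmd.Execute
    ' A row exists only when both values match exactly.
    CheckLogin = Not (rs.EOF Or rs.BOF)
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim admin, password
admin = CStr(Request.Form("admin"))
password = CStr(Request.Form("password"))

If CheckLogin(conn, admin, password) Then
    Session("admin") = admin
    Response.Redirect "admin_manage.asp"
Else
    ' Alert text: "Incorrect username or password!"
    Response.Write "<script language=javascript>"
    Response.Write "alert('用户或密码不对!');"
    Response.Write "history.go(-1);"
    Response.Write "</script>"
End If
%>
```

Because the values travel as parameters, quotes and "=" in a username or password need no filtering for the query to stay safe.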