
函数:正则过滤sql关键字

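'----------------------------------------------------------------'
'    checkStr
'    Encodes user-supplied text before it is stored / echoed back.
'    Inverse operation: uncheckStr.
'
'    What it does:
'      1. Null -> "" ; any other value is Trim()ed.
'      2. HTML-encodes  &  '  "   ("&" first, so the entities this
'         function emits are not themselves re-encoded).
'      3. Rewrites a fixed list of SQL keywords (where, select,
'         insert, create, drop, alter, delete, update, " or") so
'         that one letter becomes a numeric character reference,
'         e.g.  where -> w&#104;ere . A browser renders it unchanged.
'
'    SECURITY NOTE: step 3 is a keyword blacklist and is NOT a
'    defence against SQL injection. It is trivially bypassed (UNION,
'    comments, hex/char() literals, any keyword not in the list) and
'    it mangles legitimate text such as "Delete key". Build queries
'    with parameterised ADODB.Command objects instead; treat this
'    function only as HTML output encoding.
'
'    Parameter:  str  the string to encode (Null is allowed)
'    Returns:    the encoded string ("" when str is Null)
'----------------------------------------------------------------'
Function checkStr(ByVal str)
    ' Bug fix: the original trimmed / Null-tested an unrelated
    ' variable "s", so Null was never caught and Trim never applied.
    If IsNull(str) Then
        checkStr = ""
        Exit Function
    End If
    str = Trim(str)

    ' Entity-encode the characters that break out of HTML text and
    ' attribute values. "&" must be handled first.
    str = Replace(str, "&", "&amp;")
    str = Replace(str, "'", "&#39;")
    str = Replace(str, """", "&quot;")

    ' (pattern, replacement) pairs: group 1 is kept, the following
    ' letter is replaced by its numeric character reference.
    Dim pairs
    pairs = Array( _
        "(w)(here)",  "$1&#104;ere", _
        "(s)(elect)", "$1&#101;lect", _
        "(i)(nsert)", "$1&#110;sert", _
        "(c)(reate)", "$1&#114;eate", _
        "(d)(rop)",   "$1&#114;op", _
        "(a)(lter)",  "$1&#108;ter", _
        "(d)(elete)", "$1&#101;lete", _
        "(u)(pdate)", "$1&#112;date", _
        "(\s)(or)",   "$1&#111;r")

    Dim re, i
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    For i = 0 To UBound(pairs) Step 2
        re.Pattern = pairs(i)
        str = re.Replace(str, pairs(i + 1))
    Next
    Set re = Nothing

    checkStr = str
End Function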

 


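'----------------------------------------------------------------'
'    uncheckStr
'    Inverse of checkStr: restores text that checkStr encoded, so
'    the user's original input can be shown again (e.g. in an edit
'    form).
'
'    Decoding order matters: the keyword references and  &#39; /
'    &quot;  are decoded first and  &amp;  LAST, otherwise a literal
'    "&amp;#39;" typed by the user would be decoded twice.
'
'    Limitation (inherited from checkStr): the letter that checkStr
'    replaced always comes back in lower case, so "WHERE" round-trips
'    as "WhERE".
'
'    Parameter:  str  the encoded string (Null is allowed)
'    Returns:    the decoded string ("" when str is Null)
'----------------------------------------------------------------'
Function uncheckStr(ByVal str)
    If IsNull(str) Then
        uncheckStr = ""
        Exit Function
    End If

    ' Original code compared "'" with "'" and had an unterminated
    ' string literal for the quote case; both were no-ops / broken.
    str = Replace(str, "&#39;", "'")
    str = Replace(str, "&quot;", """")

    ' (pattern, replacement) pairs undoing checkStr's keyword
    ' rewrite; both captured groups are kept as typed.
    Dim pairs
    pairs = Array( _
        "(w)&#104;(ere)",  "$1h$2", _
        "(s)&#101;(lect)", "$1e$2", _
        "(i)&#110;(sert)", "$1n$2", _
        "(c)&#114;(eate)", "$1r$2", _
        "(d)&#114;(op)",   "$1r$2", _
        "(a)&#108;(ter)",  "$1l$2", _
        "(d)&#101;(lete)", "$1e$2", _
        "(u)&#112;(date)", "$1p$2", _
        "(\s)&#111;(r)",   "$1o$2")

    Dim re, i
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    For i = 0 To UBound(pairs) Step 2
        re.Pattern = pairs(i)
        str = re.Replace(str, pairs(i + 1))
    Next
    Set re = Nothing

    ' "&amp;" must be the last thing decoded (see header comment).
    str = Replace(str, "&amp;", "&")
    uncheckStr = str
End Function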
这一对函数是互逆的两个操作。checkStr 对提交的数据进行过滤：把 & ' " 转成 HTML 实体，并改写可能出现在 SQL 注入语句中的关键词；uncheckStr 则反向处理，恢复为用户提交的原始内容，一般在编辑时使用。需要特别注意：这种关键字黑名单并不能真正防御 SQL 注入——未列出的关键字、注释符、UNION、十六进制/CHAR() 写法都能绕过，而且会误伤正常文本（例如 "Delete key"）。真正的防御是使用 ADODB.Command 的参数化查询，checkStr 只应当作 HTML 输出编码来用。

原创文章如转载,请注明:转载自悠悠博客 [ http://www.ajaxstu.com/ ]
