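Use this function when writing data into the database
<%
private function bha_sql_replace(ByVal str_txt)
'*************************
'Purpose: security check on user input, mainly to prevent SQL injection and similar attacks
'Returns: string
'Parameter: str_txt (string)
'Provided by: 江一在线(蚂蚁商务)
'*************************
'This function was originally much longer;
'I removed the other statements so that the text can still be displayed normally later.
'On display, replacing two consecutive single quotes with one is enough to output the text as entered.
'As for the other replacements, I do not think they are really necessary in a guestbook or article system; even if they are applied, news items come out garbled when displayed.
'江一's original function:
'---------------------------------------------------
'private function bha_sql_replace(ByVal str_txt)
'str_txt=Replace(str_txt,"""","'")
'str_txt=Replace(str_txt,"'","")
'str_txt=Replace(str_txt,"%","")
'str_txt=Replace(str_txt,"&","")
'str_txt=Replace(str_txt,"<","")
'str_txt=Replace(str_txt,">","")
'bha_sql_replace=str_txt
'end function
'---------------------------------------------------
'Double every single quote so it cannot terminate a quoted SQL string literal
str_txt=Replace(str_txt,"'","''")
bha_sql_replace=str_txt
end function
%>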
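Doubling single quotes only protects a value that ends up inside a quoted SQL string literal. As an added example (not code from the original page or its contributors), here are the guestbook write and a lookup by id done with ADO parameterized commands instead; the open connection `conn` and the `guestbook` table with its columns are assumptions.

```vbscript
<%
' Added example, not part of the original page.
' Assumptions: conn is an open ADODB.Connection; the table "guestbook"
' (id, author, body) is hypothetical.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128

' Build a text command bound to the open connection.
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' Store a message. The values travel as parameters, so a quote in the
' text is data, never SQL syntax, and is stored exactly as typed.
Sub SaveMessage(conn, ByVal author, ByVal body)
    Dim cmd
    Set cmd = NewCommand(conn, "INSERT INTO guestbook (author, body) VALUES (?, ?)")
    author = Left(author & "", 50)
    body = body & ""
    cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, 50, author)
    cmd.Parameters.Append cmd.CreateParameter("body", adLongVarWChar, adParamInput, Len(body) + 1, body)
    cmd.Execute , , adCmdText Or adExecuteNoRecords
End Sub

' Fetch one message body by id. Quote doubling does nothing for a value
' concatenated into SQL without quotes, so the id is checked to be digits
' only and then bound as an integer parameter.
Function GetMessageBody(conn, ByVal rawId)
    Dim re, cmd, rs
    GetMessageBody = Null
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(rawId & "") Then Exit Function
    Set cmd = NewCommand(conn, "SELECT body FROM guestbook WHERE id = ?")
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
    Set rs = cmd.Execute
    If Not rs.EOF Then GetMessageBody = rs("body").Value
    rs.Close
End Function
%>
```

Because the text is stored exactly as typed, the display step needs HTML encoding but no replacement of two single quotes by one; the Null returned for a missing or invalid id is the case an IsNull check on the display side handles.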
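Use this function to display messages on the web page
<%
Function GAMVANHTML(result)
'*************************
'Purpose: output text from the database in its original layout, preserving spaces, soft and hard line breaks and tabs,
'         with support for images, centering, italics and bold
'         Intended for content output in small news and article systems
'Returns: string
'Parameter: result (string)
'Provided by: 我容易吗我(今晚在线)
'*************************
if not isNull(result) then
'Encode first, so any markup in the stored text is shown as text
result = Server.HtmlEncode(result)
result = replace(result,"''","'")
result = replace(result,vbcrlf,"<br>")
result = replace(result," ","&nbsp;")
result = replace(result,chr(9),"&nbsp;") 'Tab key
'The marker strings searched for below are missing from the page text; bracket-style markers are assumed here.
'The image pair is not reproduced: only its " border=0>" fragment survives on the page.
result = Replace(result,"[b]","<b>")
result = Replace(result,"[/b]","</b>")
result = Replace(result,"[i]","<i>")
result = Replace(result,"[/i]","</i>")
result = Replace(result,"[center]","<center>")
result = Replace(result,"[/center]","</center>")
GAMVANHTML=result
else
GAMVANHTML= "没有内容" 'the text means "no content"
end if
end Function
%>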
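When editing, the content is loaded back into a text box; with this function the line breaks are restored automatically.
Actually, I think it would display correctly even without any function.
<%
private function bha_display_text(str)
'------------function for displaying text in a text box
bha_display_text=replace(str,"''","'")
'Continue from the previous result rather than from str, so the first replacement is not discarded
bha_display_text=replace(bha_display_text,"&nbsp;"," ")
bha_display_text=replace(bha_display_text,"<br>",chr(10))
bha_display_text=replace(bha_display_text,"</p><p>",chr(10)&chr(10))
end function
%>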
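If the database content is edited with an online editor, call the function below when outputting the database content into the iframe
<%
'This function is provided by 今晚在线. It reverses the HTML conversion so the text can be placed in an iframe, ensuring that everything read from the database stays inside the iframe
Function unGAMVANHTML(fString)
'if fString<>"" then
fString=cstr(fString)
fString = Replace(fString,"''","'")
'Encode & first so the entities produced below are not encoded a second time
fString = Replace(fString, "&","&amp;")
fString = Replace(fString, "<","&lt;")
fString = Replace(fString, ">","&gt;")
fString = Replace(fString, CHR(34), "&quot;") 'double quote
fString = Replace(fString, CHR(39), "&#39;") 'single quote
unGAMVANHTML = fString
'end if
End Function
%>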