Function CheckNumeric(Number)
If Not IsNumeric(Number)
CheckNumeric = 0
Else
CheckNumeric = Number
End If
End Function
Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"")
CheckStr = Replace(Str,"'","''")
End Function
然后对所有要获得的变量过滤就可以
Sql = "Update [YourTable] Set Number="& CheckNumeric(Request("ThisIsANumber"))
&",String='"& CheckStr(Request("ThisIsAString")) &"'"