高校问答吴云前:如何屏蔽提交框里面输入的代码
来源:百度文库 编辑:高校问答 时间:2024/04/29 20:20:06
<%
set conn=server.createobject("adodb.connection")
set rs=server.createobject("adodb.recordset")
conn.open "driver={microsoft access driver (*.mdb)};dbq="&server.mappath("liu.mdb")
rs.open "select * from pingpai ",conn,1,3
%>
<%
rs.PageSize=20
pagecount=rs.PageCount
page=int(request.QueryString ("page"))
if page<=0 then page=1
if request.QueryString("page")="" then
page=1
end if
rs.AbsolutePage=page
%>
<form method="post" action=addnew.asp>姓名:<input class="class" name=wcall size="12" maxlength=6 id="wcall"><input
name=wtname type="text" class="class" id="wtname" value="电话/QQ/油箱" size="20" maxlength=11><input type=submit name=submit
value='提 交'><input type='reset' name='Submit4' value='重 置'></form>
<%=left(rs("call"),20)%> <%=left(rs("tname"),16)%>
这个是我首页代码 比如在姓名框里面输入<b>c</b>显示的是<b>c</b>
而不是粗体的C 我该怎么改
set conn=server.createobject("adodb.connection")
set rs=server.createobject("adodb.recordset")
conn.open "driver={microsoft access driver (*.mdb)};dbq="&server.mappath("liu.mdb")
rs.open "select * from pingpai ",conn,1,3
%>
<%
rs.PageSize=20
pagecount=rs.PageCount
page=int(request.QueryString ("page"))
if page<=0 then page=1
if request.QueryString("page")="" then
page=1
end if
rs.AbsolutePage=page
%>
<form method="post" action=addnew.asp>姓名:<input class="class" name=wcall size="12" maxlength=6 id="wcall"><input
name=wtname type="text" class="class" id="wtname" value="电话/QQ/油箱" size="20" maxlength=11><input type=submit name=submit
value='提 交'><input type='reset' name='Submit4' value='重 置'></form>
<%=left(rs("call"),20)%> <%=left(rs("tname"),16)%>
这个是我首页代码 比如在姓名框里面输入<b>c</b>显示的是<b>c</b>
而不是粗体的C 我该怎么改
function sqlstr(str)
data=str
data=replace(data,"'","''")
data=replace(data,"<","<")
data=replace(data,">",">")
data=replace(data," "," ")
data=replace(data," "," ")
data=replace(data,VBCrLf,"<br>")
sqlstr=data
end function
然后你需要屏蔽那个字段就加上 比如屏蔽wtname就加上
wtname=sqlstr(request("wtname"))
rs("guoj")=wguoj
rs("liu")=wliu
rs("tname")=wtname
rs("call")=wcall