防SQL数字注入函数
防SQL注入函数
程序代码:
函数部分========================================================================
'------------------------------------------------
'用途:检查是否为数字,以及数字是否超出范围
'输入:检查字符,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Reqeust),开始数字(默认数字),结束数字(为-1则不检查大小)
Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
mystr=Trim(str_str)
Select Case int_quest
Case 1
istr=Request.Form(mystr)
Case 2
istr=Request.QueryString(mystr)
Case 3
istr=Request.Cookies(mystr)
Case 4
istr=Request(mystr)
Case Else
istr=mystr
End Select
istr=Left(istr,32)
If IsNumeric(istr) Then
iNum=CDbl(istr)
Else
iNum=int_startnum
End If
If int_endnum>-1Then
If iNum If iNum>int_endnum Then iNum=int_endnum
End If
CheckNum=iNum
End Function
'------------------------------------------------
'用途:检查过滤字符串
'输入:字符串,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Reqeust),检查方式(1不过滤html,2纯html,3标题过滤,4其他html过滤,),字符段截取长度
Function CheckStr(str_str,int_quest,int_type,int_strlen)
mystr=str_str
Select Case int_quest
Case 1
istr=Request.Form(mystr)
Case 2
istr=Request.QueryString(mystr)
Case 3
istr=Request.Cookies(mystr)
Case 4
istr=Request(mystr)
Case Else
istr=mystr
End Select
istr=""&Trim(istr)
istr=Replace(istr,"'","''")
Select Case int_type
Case 1
istr=Replace(istr,CHR(32)," ")
istr=Replace(istr,CHR(9)," ")
istr=Replace(istr,CHR(10) & CHR(10),"
")
istr=Replace(istr,CHR(10),"
")
istr=Replace(istr,CHR(13),"")
Case 2
istr=istr
Case 3
istr=Replace(istr,CHR(32)," ")
istr=Replace(istr,CHR(9)," ")
istr=Replace(
相关文档:
这是《VC++动态链接库(DLL)编程深入浅出》的第四部分,阅读本文前,请先阅读前三部分:(一)
、(二)
、(三)
。
MFC扩展DLL的内涵为MFC的扩展,用户使用MFC扩展DLL就像使用MFC本身的DLL一样。除了可以在MFC扩展DLL的内部使用MFC以外,MFC扩展DLL与应用程序的接口部分也可以是MFC。我们一般使用MFC扩展DLL来包含 ......
CREATE OR REPLACE PACKAGE BODY PACK_RISK_FUNCTION AS
--- 1 将符号替换成#号 或许可以用正则表达式,但是嫌麻烦还是直接用替换
FUNCTION CHANGE_OPERATOR(FORMULA VARCHAR2)
RETURN VARCHAR2
AS
V_FORMULA VARCHAR2(100);
BEGIN
V_FORMULA := REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(FORMULA,'(',''), ......
--查询每个人订饭的次数
select username as 姓名, count(*) as 次数 from orderitems group by UserName having count(*)=1
order by 姓名 desc
select distinct username as 未注册姓名 from orderitems
where username not in (select [Name] from Person)
select distinct username as 已注册姓名 fr ......
1.查询出当前数据库的所有主键信息。
SELECT A.parent_obj AS TABLEID,
UPPER(E.NAME) AS TABLENAME,
UPPER(A.NAME) AS INDEXNAME,
UPPER(D.NAME) AS COLNAME,
......
SQL Server 查询一张表的主键
http://hi.baidu.com/samxx8/blog/item/7048f8de1725835894ee37b4.html
SELECT a.name
from syscolumns a
inner join sysobjects d on a.id=d.id
where d.name='SPF_Users' and exists(SELECT 1 from sysobjects where xtype=' ......
