User input character filtering problem
Could an expert help me out: in the code below, please add some code to filter illegal characters, such as symbols like < > $. Many thanks.

<!--#include file=CONN.ASP-->
<%
dim id,username
' id must be present and numeric before it is used anywhere
id=trim(request("id"))
if not isnumeric(id) or id="" then
response.write "<li>参数错误!"
cl
response.end
end if
' require the login cookie before showing the form
if request.cookies("ijob")("username")="" or request.cookies("ijob")("domain")="" or request.cookies("ijob")("id")="" then
response.write "<br>"
response.write "<li>你还没有登陆!"
cl
response.end
end if
' form was submitted: save the reply and stop
if request("ijob")="chk" then
call ijob()
response.end
end if
%>
<meta http-equiv="Content-Language" content="zh-cn">
<link rel="stylesheet" type="text/css" href="1.CSS">
<title>发送邮件</title>
<style type="text/css">
<!--
body {
 background-color: #F2F2F2;
}
-->
</style><body topmargin="3" leftmargin="0">
<div align="center">
 <center>
 <br>
 <br>
 <table width="352" height="64" border="0" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC" bgcolor="#F2F2F2" style="border-collapse: collapse">
 <form action="?id=<%=id%>&ijob=chk" method="POST">
 <tr>
 <td width="80" height="25" style="border-bottom-style: none; border-bottom-width: medium">
 <p align="center"><font color="#FF0000">回复内容:</font></td>
 <td width="273" height="25" style="border-bottom-style: none; border-bottom-width: medium">
 <textarea class="inputa" rows="16" name="neirong" cols="37" style="height:150px"></textarea></td>
 </tr>
 <tr>
 <td width="353" height="35" colspan="2" style="border-top-style: none; border-top-width: medium">
 <p align="center">
 <input class="inputb" type="submit" value="提交回复" name="B1"></td>
 </tr>
 </form>
 </table>
 </center>
</div>
<%
' stores the reply in table hf and bumps the reply counter in xinxi
sub ijob()
dim rs,sql,neirong
if len(trim(request("neirong")))<2 then
response.write "<li>回复内容没有填写!"
cl
response.end
end if
set rs=server.createobject("adodb.recordset")
sql = "select * from hf "
rs.open sql,conn,1,3
rs.addnew
rs("username")=request.cookies("ijob")("username")
rs("neirong")=trim(request("neirong"))
rs("xxid")=id
rs.update
rs.close
set rs=nothing
Conn.Execute("Update xinxi Set hfcs=hfcs+1 where id="&cstr(id))
closedb
response.write "<li>回复成功!"
cl
end sub
%>
<%sub cl()%>
<body>
<%end sub%>
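One way to add the filtering the post asks for, written here as an added example rather than code from the post: it rejects the characters named in the question, tightens the numeric check on id, binds id as a query parameter, and HTML-encodes the reply when it is echoed back. It assumes conn is the connection opened by CONN.ASP; the "illegal character" message text is constructed for this example.

```vbscript
<%
' Added example, not the poster's code: checks the two inputs this page
' accepts (id and neirong) before they reach the database or the browser.

' True if s contains any of the characters the post asks to filter.
Function HasIllegalChar(s)
    Dim bad, i
    bad = "<>$"
    HasIllegalChar = False
    For i = 1 To Len(bad)
        If InStr(s, Mid(bad, i, 1)) > 0 Then HasIllegalChar = True
    Next
End Function

' Accepts only decimal digits. IsNumeric alone is looser: it also accepts
' forms such as "1e3" or "&H1F", which an id never needs.
Function IsDigitsOnly(s)
    Dim i
    IsDigitsOnly = (Len(s) > 0)
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then IsDigitsOnly = False
    Next
End Function

Dim id, neirong
id = Trim(Request("id"))
If Not IsDigitsOnly(id) Then
    Response.Write "<li>参数错误!"
    Response.End
End If

neirong = Trim(Request("neirong"))
If HasIllegalChar(neirong) Then
    Response.Write "<li>回复内容包含非法字符!"   ' message text constructed for this example
    Response.End
End If

' Bind id as a parameter instead of concatenating it into the SQL text.
' conn is assumed to be the connection opened by CONN.ASP.
Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "Update xinxi Set hfcs=hfcs+1 where id=?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , CLng(id))  ' 3 = adInteger, 1 = adParamInput
cmd.Execute

' When the reply is shown again, encode it so any markup is displayed, not rendered.
Response.Write Server.HTMLEncode(neirong)
%>
```

Rejecting characters catches the cases the post names, but Server.HTMLEncode on output is what keeps any remaining markup from rendering, so both checks are kept.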
