nosql.asp

多多网店系统v3.01 完全免费可用版-功能简介: 支持多模板皮肤色切换[8套] 支持按商品特性[推荐商品/特价商品/新品分类]浏览 支持按商品类别浏览 支持单件商品用支付宝交易按钮直接支付订

<%
'post过滤sql注入代防范及HTML防护开始
function nosql(str)
    if not isnull(str) then
        str=trim(str)
        str=replace(str,";","&#59;")		'分号
        str=replace(str,"'","&#39;")		'单引号
        str=replace(str,"""","&quot;")		'双引号
        str=replace(str,"chr(9)","&nbsp;")	'空格
        str=replace(str,"chr(10)","<br>")	'回车
        str=replace(str,"chr(13)","<br>")	'回车
        str=replace(str,"chr(32)","&nbsp;")	'空格
        str=replace(str,"chr(34)","&quot;")	'双引号
        str=replace(str,"chr(39)","&#39;")	'单引号
        str=Replace(str, "script", "&#115cript")'jscript
        str=replace(str,"<","&lt;")	        '左<
        str=replace(str,">","&gt;")	        '右>
        str=replace(str,"(","&#40;")	        '左(
        str=replace(str,")","&#41;")	        '右)
        str=replace(str,"--","&#45;&#45;")	'SQL注释符
        nosql=str
    end if
end function
%>