替换非法字符函数Function SQLFixup(TextIn) SQLFixup = Replace(TextIn, \"\'\", \"\'\'\", 1) SQLFixup = Replace(TextIn,Chr(0),\"\", 1, -1, 1) SQLFixup = Replace(TextIn, \"\"\"\", \"\"\", 1, -1, 1) SQLFixup = Replace(TextIn,\"<\",\"<\", 1, -1, 1) SQLFixup = Replace(TextIn,\">\",\">\", 1, -1, 1) SQLFixup = Replace(TextIn, \"script\", \"script\", 1, -1, 0) SQLFixup = Replace(TextIn, \"SCRIPT\", \"SCRIPT\", 1, -1, 0) SQLFixup = Replace(TextIn, \"Script\", \"Script\", 1, -1, 0) SQLFixup = Replace(TextIn, \"script\", \"Script\", 1, -1, 1) SQLFixup = Replace(TextIn, \"object\", \"object\", 1, -1, 0) SQLFixup = Replace(TextIn, \"OBJECT\", \"OBJECT\", 1, -1, 0) SQLFixup = Replace(TextIn, \"Object\", \"Object\", 1, -1, 0) SQLFixup = Replace(TextIn, \"object\", \"Object\", 1, -1, 1) SQLFixup = Replace(TextIn, \"applet\", \"applet\", 1, -1, 0) SQLFixup = Replace(TextIn, \"APPLET\", \"APPLET\", 1, -1, 0) SQLFixup = Replace(TextIn, \"Applet\", \"Applet\", 1, -1, 0) SQLFixup = Replace(TextIn, \"applet\", \"Applet\", 1, -1, 1) SQLFixup = Replace(TextIn, \"[\", \"[\") SQLFixup = Replace(TextIn, \"]\", \"]\") SQLFixup = Replace(TextIn, \"\"\"\", \"\", 1, -1, 1) SQLFixup = Replace(TextIn, \"=\", \"=\", 1, -1, 1) SQLFixup = Replace(TextIn, \"\'\", \"\'\'\", 1, -1, 1) SQLFixup = Replace(TextIn, \"select\", \"select\", 1, -1, 1) SQLFixup = Replace(TextIn, \"execute\", \"execute\", 1, -1, 1) SQLFixup = Replace(TextIn, \"exec\", \"exec\", 1, -1, 1) SQLFixup = Replace(TextIn, \"join\", \"join\", 1, -1, 1) SQLFixup = Replace(TextIn, \"union\", \"union\", 1, -1, 1) SQLFixup = Replace(TextIn, \"where\", \"where\", 1, -1, 1) SQLFixup = Replace(TextIn, \"insert\", \"insert\", 1, -1, 1) SQLFixup = Replace(TextIn, \"delete\", \"delete\", 1, -1, 1) SQLFixup = Replace(TextIn, \"update\", \"update\", 1, -1, 1) SQLFixup = Replace(TextIn, \"like\", \"like\", 1, -1, 1) SQLFixup = Replace(TextIn, \"drop\", \"drop\", 1, -1, 1) SQLFixup = Replace(TextIn, \"create\", \"create\", 1, -1, 1) SQLFixup = Replace(TextIn, \"rename\", \"rename\", 1, -1, 1) SQLFixup = Replace(TextIn, \"count\", \"count\", 1, -1, 1) SQLFixup = Replace(TextIn, \"chr\", \"chr\", 1, -1, 1) SQLFixup = Replace(TextIn, \"mid\", \"mid\", 1, -1, 1) SQLFixup = Replace(TextIn, \"truncate\", \"truncate\", 1, -1, 1) SQLFixup = Replace(TextIn, \"nchar\", \"nchar\", 1, -1, 1) SQLFixup = Replace(TextIn, \"char\", \"char\", 1, -1, 1) SQLFixup = Replace(TextIn, \"alter\", \"alter\", 1, -1, 1) SQLFixup = Replace(TextIn, \"cast\", \"cast\", 1, -1, 1) SQLFixup = Replace(TextIn, \"exists\", \"exists\", 1, -1, 1) SQLFixup = Replace(TextIn,Chr(13),\"<br>\", 1, -1, 1)End Function给你一段32313133353236313431303231363533e78988e69d8331333166353161防注入的函数使用方法SQLFixup(参数值) 但是我看不太明白！那段代码怎么使用啊网站安全在线检测？您又有什么建议？提问者： doulixiao - 试用期 一级 最佳答案 代码使用办法：比如网上有两个个输入筐，一个是用户名，一个用户密码。那么SQL语句验证密码是string userid = txtUserid.Text;string szSQL = \"select * from user where userid = \'\" + userid + \"\';如果要防止sql注入要写成string userid = SQLFixup（txtUserid.Text）;string szSQL = \"select * from user where userid = \'\" + userid + \"\';

楼上所说的抄这些都是比较bai复杂的来解决，而且这些防du护经常会被攻zhi破，告诉您一个最简单的方法就dao是对网站web做一个外部监控，网站的监控预警系统，来检测这个网站的变动从而我们就对网站好管理了，就不用每天担心网站被篡改了网站安全在线检测。 网站监控预警系统你可以百度里搜一下都有的，因为这里不能放网址所以您搜一下吧。