28,391
社区成员
发帖
与我相关
我的任务
分享
function Replace_Text(fString)
Dim sqlIn,sqlinstr
if isnull(fString) then
Replace_Text=""
exit function
Else
sqlIn = "and%20|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|or%20"
sqlinstr=Split(sqlIn,"|")
For m=0 To ubound(sqlinstr)
If InStr(LCase(fString),sqlinstr(m))>0 Then
fString=lcase(trim(fString))
End If
Next
fString=replace(fString,"'","‘")
fString=replace(fString,";",";")
fString=replace(fString,"--","—")
fString=replace(fString,"and%20","")
fString=replace(fString,"exec","")
fString=replace(fString,"insert","")
fString=replace(fString,"select","")
fString=replace(fString,"delete","")
fString=replace(fString,"update","")
fString=replace(fString,"and","")
fString=replace(fString,"*","")
fString=replace(fString,"chr","")
fString=replace(fString,"mid","")
fString=replace(fString,"master","")
fString=replace(fString,"truncate","")
fString=replace(fString,"char","")
fString=replace(fString,"declare","")
fString=replace(fString,"create","")
fString=server.htmlencode(fString)
fString=replace(fString,"<sup><small>","<sup><small>")
fString=replace(fString,"</small></sup>","</small></sup>")
fString=replace(fString,"<sub><small>","<sub><small>")
fString=replace(fString,"</small></sub>","</small></sub>")
Replace_Text=fString
end if
end function