End Class
-------------------------------------------------------------------------
2.ORACLE中
所有的输入都应注意尽量禁止 Sql 中的特殊字符,如单引号
''' <summary>
''' Formats a string as a quoted literal for an Oracle SQL statement: every
''' single quote in the value is doubled and the result is wrapped in single
''' quotes. An empty (or Nothing) value becomes the bare keyword NULL.
''' Only the single-quote delimiter is escaped; this does not make string
''' concatenation safe in general, so bind variables (parameterised commands)
''' are the preferred way to pass values where the data access layer allows.
''' </summary>
''' <param name="CurValue">Raw value to embed in the statement.</param>
''' <returns>The quoted literal, or "NULL" for an empty value.</returns>
Public Function CToSqlStrValue(ByVal CurValue As String) As String
    Dim literal As String
    Try
        If String.IsNullOrEmpty(CurValue) Then
            literal = "NULL"
        Else
            ' Doubling the quote is how SQL embeds a literal quote character.
            literal = "'" & CurValue.Replace("'", "''") & "'"
        End If
    Catch myException As System.Exception
        ' Project-wide error reporter; the return value stays Nothing on this path.
        S_Err("CToSqlStrValue", Err)
    End Try
    Return literal
End Function
------------------------------------------------------------------------
等等 抛砖引玉(请大家列出各种可能出错的特殊符号)
[续LovenDreams ]数据库开发的一些小经验!(值得注意的细节)
{我会整理FAQ} 1. SQL SERVER 中 所有的输入都应注意尽量禁止在Sql Server中的特殊字符,如 单引号,%,*,# Public Class StringFormat '字符串格式化类 Function SqlStrFormat(ByVal strSql As String) As String 'Sql语句方式的字符串格式化函数,采用特殊方式替换掉 sql Wildcard Characters '该函数使用范围有限 If strSql = "" Then Return
End Class
-------------------------------------------------------------------------
2.ORACLE中
所有的输入都应注意尽量禁止 Sql 中的特殊字符,如单引号
''' <summary>
''' Formats a string as a quoted literal for an Oracle SQL statement: every
''' single quote in the value is doubled and the result is wrapped in single
''' quotes. An empty (or Nothing) value becomes the bare keyword NULL.
''' Only the single-quote delimiter is escaped; this does not make string
''' concatenation safe in general, so bind variables (parameterised commands)
''' are the preferred way to pass values where the data access layer allows.
''' </summary>
''' <param name="CurValue">Raw value to embed in the statement.</param>
''' <returns>The quoted literal, or "NULL" for an empty value.</returns>
Public Function CToSqlStrValue(ByVal CurValue As String) As String
    Dim literal As String
    Try
        If String.IsNullOrEmpty(CurValue) Then
            literal = "NULL"
        Else
            ' Doubling the quote is how SQL embeds a literal quote character.
            literal = "'" & CurValue.Replace("'", "''") & "'"
        End If
    Catch myException As System.Exception
        ' Project-wide error reporter; the return value stays Nothing on this path.
        S_Err("CToSqlStrValue", Err)
    End Try
    Return literal
End Function
------------------------------------------------------------------------
SQL 语句是一个字符串,所有的变量都应该先转换为 String
如dim strSQL as string = "Select * from tableUser where suser = ' " & sUserName & "' " sUserName为变量,当生成sql语句时,需要当作变量