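Description: the badwords field in the clubconfig table stores a list of banned phrases, in the format A|B|C|D| and so on in the database. I want a prompt to pop up and the post to be blocked whenever topic contains any of these strings, such as A or B. But I don't know how to write the SQL statement; the statement below doesn't work. How can I do this?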
select badwords from clubconfig where badwords like '"&topic&"'"
sql="select badwords from clubconfig"
rs.open sql,conn,1,1
badwords=split(rs("badwords"),"|")
for i=0 to ubound(badwords)
if instr(username,badwords(i)) then
response.write "用户名里有非法字符!"
response.end
end if
next
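I have done what (兜兜裤) said, but no matter what characters I enter, it shows "用户名里有非法字符" ("The username contains illegal characters").
Full code: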
<%
username=server.htmlencode(Trim(Request("username")))
if Request("menu")="Check" then
sql="select badwords from clubconfig"
rs.open sql,conn,1,1
badwords=split(rs("badwords"),"|")
for i=0 to ubound(badwords)
if instr(username,badwords(i)) then
response.write "用户名里有非法字符!"
response.end
end if
next
If conn.Execute("Select id From [user] where username='"&username&"'" ).eof Then
response.write "用户名 <font color=red>"&HTMLEncode(username)&"</font> 可以正常注册!"
else
response.write "您所选的用户名 <font color=red>"&username&"</font> 已经有用户使用,请另外选择一个用户名。"
end if
response.end
end if
if Request.ServerVariables("request_method") = "POST" then
password=Trim(Request("password"))
........
sign=server.htmlencode(Request("sign"))
sign=replace(sign,vbCrlf,"<br>")
sign=replace(sign,"\","\\")
temp=UCase(sign)
if conn.execute("select badwords from clubconfig where badwords like '%"&username&"%'").eof then
response.write "<script LANGUAGE='javascript'>alert('您选择的用户名有非法嫌疑,请重新注册!');history.go(-1);</script>"
end if
if instr(username," ")>0 or instr(username,"#")>0 or instr(username,"`")>0 or instr(username,"|")>0 or instr(username," ")>0 or instr(username," ")>0 or Instr(username,"%")>0 or Instr(username,"&")>0 or Instr(username,"ヴ")>0 or Instr(username,"ヂ")>0 or Instr(username,"ゼ")>0 or Instr(username,"ヅ")>0 or Instr(username,"") or Instr(username,"+")>0 then
message=message&"<li>您的用户名中不能含有特殊符号"
end if
sql="select * from [user] where username='"&HTMLEncode(username)&"'"
rs.Open sql,Conn
if not rs.eof then
message=message&"<li>此用户名已经被别人注册了"
end if
rs.close
if RegOnlyMail = 1 then
sql="select * from [user] where usermail='"&usermail&"'"
rs.Open sql,Conn
if not rs.eof then
message=message&"<li>此Email已经被别人注册了"
end if
rs.close
end if
if message<>"" then
error(""&message&"")
end if
if userface = "" then
userface=84
randomize
userface=Int((userface*rnd)+1)
end if
for each ho in request.form("character")
allcharacter=""&allcharacter&""&ho&""
next
rs.Open "[user]",conn,1,3
rs.addnew
rs("username")=username
..........
rs("regtime")=""&Date()&""
rs("landtime")=""&now()&""
sql="select badword from clubconfig"
rs.open sql,conn,1,1
badwords=split(rs("badwords"),"|")
for i=0 to ubound(badwords)
if instr(username,badwords(i)) then
response.write "用户名里有非法字符!"
response.end
end if
next
This is how I wrote it, but why is it still wrong? No matter what characters I enter, it reports them as illegal.
if conn.execute("select badwords from clubconfig where badwords like '%"&username&"%'").eof then
response.Write("您所选的用户名 <font color=red>"&username&"</font> 有非法嫌疑,请另外选择一个用户名。")
end if
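To filter correctly, you should fetch the banned phrases from the database
and then use the instr function to check whether any of them is present.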
badwords=split(rs("badwords"),"|")
for i=0 to ubound(badwords)
if instr(topic,badwords(i)) then
response.write "有非法字符!"
response.end
end if
next
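Why the loop in this thread flags every input, as an added example that is not code from any poster: with the stored format A|B|C|D| the trailing "|" makes Split return a final empty string, and InStr(text, "") returns 1, so the check always fires. The function name FindBadWord and the sample list are constructed for illustration; the demo lines use WScript.Echo so the file runs under cscript.

```vbscript
Option Explicit

' Returns the first banned word found in text, or "" if none matches.
' badwordList is the raw field value, e.g. "A|B|C|D|" (a trailing "|" is allowed).
Function FindBadWord(text, badwordList)
    Dim words, i, w
    FindBadWord = ""
    If IsNull(badwordList) Then Exit Function
    words = Split(badwordList, "|")
    For i = 0 To UBound(words)
        w = Trim(words(i))
        ' Skip empty tokens: InStr(text, "") returns 1, which would
        ' report every input as containing a banned word.
        If Len(w) > 0 Then
            ' vbTextCompare makes the match case-insensitive.
            If InStr(1, text, w, vbTextCompare) > 0 Then
                FindBadWord = w
                Exit Function
            End If
        End If
    Next
End Function

' Constructed sample data in the same format as the badwords field.
Dim sampleList
sampleList = "admin|root|test|"

' The cause of the "always illegal" result: an empty search string matches at position 1.
WScript.Echo "InStr(""alice"", """") = " & InStr("alice", "")

' Clean name, banned word in mixed case, and an empty list.
WScript.Echo "alice     -> [" & FindBadWord("alice", sampleList) & "]"
WScript.Echo "SuperRoot -> [" & FindBadWord("SuperRoot", sampleList) & "]"
WScript.Echo "alice, empty list -> [" & FindBadWord("alice", "") & "]"

' In the ASP page (assumed usage), the same function would be called as:
'   hit = FindBadWord(username, rs("badwords").Value)
'   If hit <> "" Then Response.Write "..." : Response.End
```

Because the comparison happens in script, the submitted value never becomes part of the SQL text for this lookup, unlike the LIKE '%"&username&"%' variant.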