public Function RSQL(strChar)
& c6 [" E; P+ A If strChar = "" or IsNull(strChar) Then RSQL = "":Exit Function$ H8 p$ ]( p& g' ]
Dim strBadChar, arrBadChar, tempChar, I, K, t: G- x7 S9 ^- d
strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""’注意这里过滤的是特殊字符 ‘Chr(34)对应的ASCII码是双引号。Chr(0)其实就是我们上传改包把空格(20)改成的00, `9 g. l* ]+ J9 _
arrBadChar = Split(strBadChar, ",")
* l) K% R- j* K! U tempChar = strChar
- K# s; C" U/ T, u: y' v For I = 0 To UBound(arrBadChar)
/ H( n; L" h9 V2 m! x- \" F tempChar = Replace(tempChar, arrBadChar(I), "") ‘将特殊字符过滤为空0 t2 M- t8 ^% G! P! G! e
Next0 f* H6 i! c" g5 V; i. l
RSQL = tempChar& b; B5 n$ J! q+ \
End Function+ ~) O( e: Q; B2 h# E2 p+ D
|