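  • Preventing SQL injection in strings; guarding against null values and converting types when assigning variables

    Preventing SQL injection in strings:
    Function CheckSqlHack(ByVal sSql As String) As String  'prevent SQL injection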
        sSql = Replace(sSql, "'", "")
        sSql = Replace(sSql, "--", "")
        sSql = Replace(sSql, "INSERT", "")
        sSql = Replace(sSql, "UPDATE", "")
        sSql = Replace(sSql, "DELETE", "")
        sSql = Replace(sSql, "exec", "")
        sSql = Replace(sSql, "declare ", "")
        Return sSql
    End Function



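    Guarding against null values and converting types when assigning variables:
    Public Shared Function HStr(ByVal AInpt As Object) As String
        If AInpt Is Nothing Or AInpt Is DBNull.Value Then       'adjust per type (variants below)
            Return ""
        Else
            Return Convert.ToString(AInpt)               'adjust per type (variants below)
        End If
    End Function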

    Integer:
        If AInpt Is Nothing Or AInpt Is DBNull.Value Or Not IsNumeric(AInpt) Then
        Return Convert.ToInt32(AInpt)

    Double:
        If AInpt Is Nothing Or AInpt Is DBNull.Value Or Not IsNumeric(AInpt) Then
        Return Convert.ToDouble(AInpt)

    String(Date):
        If dateIn Is Nothing Or dateIn Is DBNull.Value Then
        If IsDate(dateIn) Then
            Return CDate(dateIn).ToString("yyyy-MM-dd")
        Else
            Return HStr(dateIn)
        End If
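
Stripping characters and keywords as CheckSqlHack does changes legitimate input (a name such as O'Brien loses its apostrophe); binding each value as a typed parameter keeps the SQL text constant and applies the same null and type checks as the helpers above. This is an added example, not code from the original post; the table and column names (Users, Name, Age, Birthday) and the function BuildUserUpdate are assumptions.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module SafeQueryExample
    ' Hypothetical schema (assumption): Users(Name, Age, Birthday).
    Private Const UpdateSql As String =
        "UPDATE Users SET Age = @age, Birthday = @birthday WHERE Name = @name"

    ' The command text is a constant; user input travels only as typed parameters.
    Public Function BuildUserUpdate(ByVal conn As SqlConnection, ByVal name As Object,
                                    ByVal age As Object, ByVal birthday As Object) As SqlCommand
        Dim cmd As New SqlCommand(UpdateSql, conn)

        ' String: null becomes "", and nothing is stripped, so O'Brien stays O'Brien.
        Dim nameText As String = ""
        If name IsNot Nothing AndAlso name IsNot DBNull.Value Then nameText = Convert.ToString(name)
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = nameText

        ' Integer: reject non-numeric input instead of passing it on.
        Dim ageValue As Integer
        If age Is Nothing OrElse age Is DBNull.Value OrElse
           Not Integer.TryParse(Convert.ToString(age), ageValue) Then
            Throw New ArgumentException("age must be an integer")
        End If
        cmd.Parameters.Add("@age", SqlDbType.Int).Value = ageValue

        ' Date: a missing or unparsable value is stored as SQL NULL.
        Dim dateValue As Date
        Dim p As SqlParameter = cmd.Parameters.Add("@birthday", SqlDbType.DateTime)
        If birthday IsNot Nothing AndAlso birthday IsNot DBNull.Value AndAlso
           Date.TryParse(Convert.ToString(birthday), dateValue) Then
            p.Value = dateValue
        Else
            p.Value = DBNull.Value
        End If
        Return cmd
    End Function

    Public Sub Main()
        ' Constructed sample input; no connection is opened, so this runs offline.
        Using cmd As SqlCommand = BuildUserUpdate(Nothing, "O'Brien", "30", "1977-11-29")
            For Each prm As SqlParameter In cmd.Parameters
                Console.WriteLine("{0} ({1}) = {2}", prm.ParameterName, prm.SqlDbType, prm.Value)
            Next
        End Using
    End Sub
End Module
```

In real use, pass an open SqlConnection and call ExecuteNonQuery on the returned command.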
  • Original article: https://www.cnblogs.com/liangyi/p/976484.html