asp 删除数据库记录的代码

dly · 发表于 2011-9-14 09:05:55

删除单条记录

复制代码

这是过滤非法字符函数

function saferequest(paraname)
dim paravalue
paravalue=request(paraname)
if isnumeric(paravalue) = true then
saferequest=paravalue
exit function
elseif instr(lcase(paravalue),"select ") > 0 or instr(lcase(paravalue),"insert ") > 0 or instr(lcase(paravalue),"delete from") > 0 or instr(lcase(paravalue),"count(") > 0 or instr(lcase(paravalue),"drop table") > 0 or instr(lcase(paravalue),"update ") > 0 or instr(lcase(paravalue),"truncate ") > 0 or instr(lcase(paravalue),"asc(") > 0 or instr(lcase(paravalue),"mid(") > 0 or instr(lcase(paravalue),"char(") > 0 or instr(lcase(paravalue),"xp_cmdshell") > 0 or instr(lcase(paravalue),"exec master") > 0 or instr(lcase(paravalue),"net localgroup administrators") > 0 or instr(lcase(paravalue)," and ") > 0 or instr(lcase(paravalue),"net user") > 0 or instr(lcase(paravalue)," or ") > 0 or instr(lcase(paravalue),"""")>0 or instr(lcase(paravalue),"'")>0 then
response.write "请不要在函数中加入非法字符！"
response.end
else
saferequest=paravalue
end if
end function

复制代码

批量删除方法：
主要是利用for循环来实现。

复制代码