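<%
' AutoKey builds the SQL text for a fuzzy search of T_Sample.
'
' strKey  - the search key. It is concatenated straight into the SQL text, so
'           the reject list below is the only barrier between the key and the
'           statement.
' Returns - a Select statement that matches U_Name or U_Info against the whole
'           key and, for keys longer than one character, against every
'           two-character substring of the key.
'
' Keys containing a rejected character, and empty keys, are sent to error.htm.
'
' NOTE(review): this is still string-built SQL. The LIKE wildcards (%, _, [)
' are not rejected, so a key can widen the match beyond what was typed, and
' "Select *" returns every column of T_Sample. Where the caller can be changed,
' prefer an ADODB.Command with bound parameters over executing this string.
Function AutoKey(strKey)
    Const lngSubKey = 2
    Dim lngLenKey, strNew1, strNew2, i, strSubKey
    Dim arrForbidden, strBad

    ' Characters that must not appear in the key. The listing also tested
    ' InStr(strKey, ""), which reports a match in every non-empty key and so
    ' rejected all input; that entry and a duplicated single-quote test are
    ' dropped. Presumably both stood for characters lost in transcription -
    ' confirm against the original page.
    arrForbidden = Array("=", "`", "'", " ", Chr(34), "\", ",", "<", ">")
    For Each strBad In arrForbidden
        If InStr(strKey, strBad) <> 0 Then
            Response.Redirect "error.htm"
        End If
    Next

    lngLenKey = Len(strKey)
    Select Case lngLenKey
        Case 0
            ' Empty key: go to the error page.
            Response.Redirect "error.htm"
        Case 1
            ' One character: no substring conditions are added.
            strNew1 = ""
            strNew2 = ""
        Case Else
            ' Longer keys: slide a window of lngSubKey characters over the key
            ' and add one LIKE condition per window for each column.
            For i = 1 To lngLenKey - (lngSubKey - 1)
                strSubKey = Mid(strKey, i, lngSubKey)
                strNew1 = strNew1 & " or U_Name like '%" & strSubKey & "%'"
                strNew2 = strNew2 & " or U_Info like '%" & strSubKey & "%'"
            Next
    End Select

    ' Assemble the complete statement.
    AutoKey = "Select * from T_Sample where U_Name like '%" & strKey & "%' or U_Info like '%" & strKey & "%'" & strNew1 & strNew2
End Function
%>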