数据库查询中的特殊字符的问题在进行数据库的查询时,会经常遇到这样的情况:例如想在一个用户数据库中查询他的用户名和他的密码,但恰好该用户使用的名字和密码中有特殊的字符,例如单引号,“|”号,双引号或者连字符“&”。例如他的名字是1"test,密码是A|&900这时当你执行以下的查询语句时,肯定会报错:SQL="SELECT*FROMsecurityLevelWHEREUID=""&UserID&"""SQL=SQL&"ANDPWD=""&Password&"""因为你的SQL将会是这样:SELECT*FROMSecurityLevelWHEREUID="1"test"ANDPWD="A|&900"在SQL中,"|"为分割字段用的,显然会出错了。现在提供下面的几个函数专门用来处理这些头疼的东西数据库转义字符:
复制代码 代码如下:
functionReplaceStr(TextIn,ByValSearchStrAsString,_ByValReplacementAsString,_ByValCompModeAsInteger)DimWorkTextAsString,PointerAsIntegerIfIsNull(TextIn)ThenReplaceStr=NullElseWorkText=TextInPointer=InStr(1,WorkText,SearchStr,CompMode)DoWhilePointer>0WorkText=Left(WorkText,Pointer-1)&Replacement&_Mid(WorkText,Pointer+Len(SearchStr))Pointer=InStr(Pointer+Len(Replacement),WorkText,SearchStr,CompMode)LoopReplaceStr=WorkTextEndIfEndFunctionFunctionSQLFixup(TextIn)SQLFixup=ReplaceStr(TextIn,""","""",0)EndFunctionFunctionJetSQLFixup(TextIn)DimTempTemp=ReplaceStr(TextIn,""","""",0)JetSQLFixup=ReplaceStr(Temp,"|",""&chr(124)&"",0)EndFunctionFunctionFindFirstFixup(TextIn)DimTempTemp=ReplaceStr(TextIn,""",""&chr(39)&"",0)FindFirstFixup=ReplaceStr(Temp,"|",""&chr(124)&"",0)EndFunction
有了上面几个函数后,当你在执行一个sql前,请先使用SQL="SELECT*FROMSecurityLevelWHEREUID=""&SQLFixup(UserID)&"""SQL=SQL&"ANDPWD=""&SQLFixup(Password)&"""
发表评论