防止Sql注入字符串(注意:这种关键字过滤只能作为辅助手段,拼接SQL时应优先使用参数化查询):
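Function CheckSqlHack(ByVal sSql As String) As String
    ' Strips a fixed deny-list of SQL metacharacters and keywords from sSql
    ' and returns what is left.
    '
    ' NOTE(security): a deny-list is not a reliable defence against SQL
    ' injection. The list cannot be complete, and numeric or identifier
    ' contexts need no quote at all. Treat this as defence in depth only and
    ' pass user values through command parameters (for example
    ' SqlCommand.Parameters) instead of concatenating them into SQL text.
    '
    ' NOTE(review): the filter also alters legitimate data. Apostrophes in
    ' names are dropped, and any word containing a listed keyword loses that
    ' part. Do not apply it to values that must round-trip unchanged.
    Dim denied() As String = {"'", "--", "INSERT", "UPDATE", "DELETE", "exec", "declare "}
    Dim before As String

    ' Repeat until a full pass changes nothing: removing one token can join
    ' the text on either side of it into another listed token.
    Do
        before = sSql
        For Each token As String In denied
            ' CompareMethod.Text makes the match case-insensitive; the default
            ' binary comparison only matched the exact casing written above.
            sSql = Replace(sSql, token, "", 1, -1, CompareMethod.Text)
        Next
    Loop While sSql <> before

    Return sSql
End Function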
变量赋值时防止为空和类型转换:
Public Shared Function HStr(ByVal AInpt As Object) As String
    ' Null-safe conversion of a value to String, for use when assigning
    ' variables from values that may be missing.
    ' Returns "" when AInpt is Nothing or DBNull.Value; otherwise returns
    ' Convert.ToString(AInpt).
    ' The missing-value test and the conversion call are the two lines to
    ' adapt when writing a variant for another target type.
    Dim isMissing As Boolean = (AInpt Is Nothing) Or (AInpt Is DBNull.Value)

    If Not isMissing Then
        Return Convert.ToString(AInpt)
    End If

    Return ""
End Function
Integer(替换上面函数中标注“根据情况变化”的两行,返回类型和空值时的返回值也需相应调整):
If AInpt Is Nothing Or AInpt Is DBNull.Value Or Not IsNumeric(AInpt) Then
Return Convert.ToInt32(AInpt)
Double:
If AInpt Is Nothing Or AInpt Is DBNull.Value Or Not IsNumeric(AInpt) Then
Return Convert.ToDouble(AInpt)
String(Date):
If dateIn Is Nothing Or dateIn Is DBNull.Value Then
If IsDate(dateIn) Then
Return CDate(dateIn).ToString("yyyy-MM-dd")
Else
Return HStr(dateIn)
End If