Public Function kk(ByVal tmp As String) As String
    On Error GoTo ProErr
    Dim tmp2 As String
    ' Trim surrounding spaces from the incoming value
    tmp2 = "" & Trim(tmp)
    ' Double every single quote inside the value, then wrap it in single quotes
    tmp2 = " '" & Replace(tmp2, "'", "''") & "' "
    kk = tmp2
    Exit Function
ProErr:
    MsgBox "「" & Screen.ActiveForm.Caption & "」 『CancelClick』 " & Err.Description
End Function
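Could someone explain in detail what tmp2 = " '" & Replace(tmp2, "'", "''") & "' " means? This line is mainly used to add two single quotes around the value that is passed in, which makes it easier to write SQL statements in VB,
but I don't quite understand what Replace(tmp2, "'", "''") means. Why is "'" used to replace "''"? Sorry to trouble everyone, thank you!!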
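1. It prevents injection.
2. SQL does not support inserting a ' quote in a statement. The usual approach: first replace the single quote with another character, then, after inserting, replace it back when displaying.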
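The quote-doubling step discussed in this thread, as an added example that is not part of the original posts: a Python port of kk run against an in-memory SQLite database, beside the same wrapping without the Replace step and beside a bound parameter. The users table, the sample names and the helper names naive, find and find_param are constructed for illustration; SQLite follows the standard SQL rule that '' inside a string literal is read as one ' character.

```python
import sqlite3

def kk(tmp):
    """Python port of the VB function kk: trim, double each ', wrap in quotes."""
    tmp2 = (tmp or "").strip(" ")
    return " '" + tmp2.replace("'", "''") + "' "

def naive(tmp):
    """Same wrapping without the Replace step, for comparison."""
    return " '" + (tmp or "").strip(" ") + "' "

def make_db():
    # Constructed sample table, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("O'Brien",), ("Li",)])
    return db

def find(db, quoted_literal):
    """Build the statement by string concatenation, as the VB code would."""
    sql = "SELECT name FROM users WHERE name =" + quoted_literal
    return [row[0] for row in db.execute(sql)]

def find_param(db, value):
    """Bound parameter: the value never becomes part of the SQL text."""
    cur = db.execute("SELECT name FROM users WHERE name = ?", (value,))
    return [row[0] for row in cur]

def demo():
    db = make_db()
    results = {}
    # The doubled quote is read back by the SQL parser as one ' character,
    # so the stored value O'Brien is matched as-is.
    results["escaped"] = find(db, kk("O'Brien"))
    try:
        find(db, naive("O'Brien"))
        results["naive"] = "ran"
    except sqlite3.OperationalError:
        results["naive"] = "syntax error"   # the quote ended the literal early
    # Constructed input whose quote would close the literal and add a condition.
    probe = "x' OR '1'='1"
    results["naive_probe"] = find(db, naive(probe))    # matches every row
    results["escaped_probe"] = find(db, kk(probe))     # treated as plain data
    results["param"] = find_param(db, "O'Brien")
    return results

if __name__ == "__main__":
    print(demo())
```

In VB6 the counterpart of find_param is an ADODB.Command with a Parameters collection, which removes the need to build the quoted literal by hand.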