Subject: Unable to get the value

透明男孩

Role: Member
Level: 2
Coins: 0.0
Posts: 373
#1 2004/12/11 21:46:19
I found a string-filtering function on 柠檬树网 and modified it a bit, but when I use it I get this error:
Request 对象, ASP 0102 (0x80004005)
函数需要字符串输入。
/library/include/function.asp, 第 6 行

Below is the function as I modified it:
Function CheckStr(in_str,in_quest,in_type)
str=in_str
Select Case in_quest
Case 1
    str=Request.Form(str) ' (this is line 6)
Case 2
    str=Request.QueryString(str)
Case 3
    str=Request.Cookies(str)
Case 4
    str=Request(str)
Case Else
    str=str
End Select
str=""&Trim(str)
str=Replace(str,"'","''")
Select Case in_type
Case 1
    str=Replace(str,CHR(32)," ")
    str=Replace(str,CHR(9)," ")
    str=Replace(str,CHR(10) & CHR(10),"</P><P> ")
    str=Replace(str,CHR(10),"<BR> ")
    str=Replace(str,CHR(13),"")
Case 2
    str=Replace(str,">","&gt;")
    str=Replace(str,"<","&lt;")
    str=Replace(str,CHR(32),"&nbsp;")
    str=Replace(str,CHR(9),"&nbsp;")
    str=Replace(str,CHR(34),"&quot;")
    str=Replace(str,CHR(39),"&#39;")
    str=Replace(str,CHR(13),"")
    str=Replace(str,CHR(10)&CHR(10),"</P><P> ")
    str=Replace(str,CHR(10),"<BR> ")
Case 3
    str=Replace(str,"&gt;",">")
    str=Replace(str,"&lt;","<")
    str=Replace(str,"&nbsp;",CHR(32))
    str=Replace(str,"&nbsp;",CHR(9))
    str=Replace(str,"&quot;",CHR(34))
    str=Replace(str,"&#39;",CHR(39))
    str=Replace(str,"",CHR(13))
    str=Replace(str,"</P><P> ",CHR(10)&CHR(10))
    str=Replace(str,"<BR>",CHR(10))
Case Else
    str=str
End Select
CheckStr=str
End Function

This is how I call it:
UserName=checkstr(UserName,1,0)

The form path and the text box name are all correct.
Where did I go wrong?

Edit history: [This post was last edited by 透明男孩 (edit time: 2004-12-11 22:25:47)]


蓝鲸

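Role: Moderator
Level: 5
Coins: 42.1
Posts: 2614
#2 2004/12/11 22:12:02
You haven't understood what this function is for yet. It filters characters by turning them into specific symbols, so that text such as <script> or malicious code such as <iframe> cannot execute but the code is still displayed correctly. Converting IE's line break into <br /> works on the same principle.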


非常大鱼

透明男孩

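Role: Member
Level: 2
Coins: 0.0
Posts: 373
#3 2004/12/11 22:21:50
This is the function's original code:
'Purpose: check and filter a string
'Input: string, how the value is passed (0 passed directly, 1 from Form, 2 from QueryString, 3 from cookies, 4 directly from Request), check mode (1 no HTML filtering, 2 pure HTML, 3 title filtering, 4 other HTML filtering), character truncation length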
Function CheckStr(str_str,int_quest,int_type,int_strlen)
mystr=str_str
Select Case int_quest
Case 1
istr=Request.Form(mystr)
Case 2
istr=Request.QueryString(mystr)
Case 3
istr=Request.Cookies(mystr)
Case 4
istr=Request(mystr)
Case Else
istr=mystr
End Select
istr=""&Trim(istr)
istr=Replace(istr,"'","''")
Select Case int_type
Case 1
istr=Replace(istr,CHR(32),"&nbsp;")
istr=Replace(istr,CHR(9),"&nbsp;")
istr=Replace(istr,CHR(10) & CHR(10),"</P><P> ")
istr=Replace(istr,CHR(10),"<BR> ")
istr=Replace(istr,CHR(13),"")
Case 2
istr=istr
Case 3
istr=Replace(istr,CHR(32),"&nbsp;")
istr=Replace(istr,CHR(9),"&nbsp;")
istr=Replace(istr,CHR(13), "")
istr=Replace(istr,"<","&lt;")
istr=Replace(istr,">","&gt;")
istr=Replace(istr,CHR(34),"&quot;")
istr=Replace(istr," ","&nbsp;")
istr=Replace(istr,CHR(39), "&#39;")
Case Else
istr=Replace(istr,CHR(32),"&nbsp;")
istr=Replace(istr,CHR(9),"&nbsp;")
istr=Replace(istr,CHR(10) & CHR(10), "</P><P> ")
istr=Replace(istr,CHR(10), "<BR> ")
istr=Replace(istr,CHR(13), "")
istr=Replace(istr,"<","&lt;")
istr=Replace(istr,">","&gt;")
istr=Replace(istr,CHR(34),"&quot;")
istr=Replace(istr," ","&nbsp;")
istr=Replace(istr,CHR(39), "&#39;")
End select
istr=CutStr(istr,int_strlen,"")
CheckStr=istr
End Function

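My intent with the changes was to make it guard against SQL injection attacks and, while I'm at it, filter the paragraph breaks and line breaks in a textarea. Did I modify it wrong? And where is the mistake behind the problem I ran into?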



透明男孩

Role: Member
Level: 2
Coins: 0.0
Posts: 373
#4 2004/12/12 12:32:18
Could someone please help.
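
An added example, not code from the thread: ASP 0102 is raised when Request.Form is given a key that is not a string, which is what happens when the call passes the variable UserName (Empty if it was never assigned) instead of the field name "UserName". The sketch below, meant for a `<% ... %>` block at the top of an ASP page, guards the lookup, binds the value as an ADO parameter instead of doubling quotes, and HTML-encodes only at output time; `ReadInput`, `ToHtml`, `Application("ConnStr")`, the `Users` table and the 50-character size are assumptions.

```vbscript
Option Explicit   ' an undeclared variable such as UserName now fails loudly
Const adVarWChar = 202, adParamInput = 1, adCmdText = 1   ' ADO constants

' Read one request value. fieldName must be the field's NAME as a string;
' passing Empty or Null is what makes Request.Form raise ASP 0102.
Function ReadInput(fieldName, source)
    If VarType(fieldName) <> vbString Then
        Err.Raise vbObjectError + 1, "ReadInput", "fieldName must be a string"
    End If
    Select Case source
        Case 1
            ReadInput = Trim("" & Request.Form(fieldName))
        Case 2
            ReadInput = Trim("" & Request.QueryString(fieldName))
        Case 3
            ReadInput = Trim("" & Request.Cookies(fieldName))
        Case Else
            ReadInput = Trim("" & Request(fieldName))
    End Select
End Function

' Encode for HTML when displaying, not before storing. Same newline
' mapping as the thread's function: CR dropped, LF LF -> </P><P>, LF -> <BR>.
Function ToHtml(text)
    Dim s
    s = Server.HTMLEncode("" & text)
    s = Replace(s, vbCr, "")
    s = Replace(s, vbLf & vbLf, "</P><P>")
    ToHtml = Replace(s, vbLf, "<BR>")
End Function

Dim nameValue, conn, cmd, rs
nameValue = Left(ReadInput("UserName", 1), 50)   ' quoted field name

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")                 ' assumption: connection string kept here
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The value travels as a bound parameter, so a quote in it is data, not SQL.
cmd.CommandText = "SELECT UserName FROM Users WHERE UserName = ?"
cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, nameValue)
Set rs = cmd.Execute
If Not rs.EOF Then Response.Write "<P>" & ToHtml(rs("UserName").Value) & "</P>"
rs.Close
conn.Close
```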