防止有人故意在表单中输入SQL命令,使程序判断出错.
例:
'替换登陆名中的单引号和双引号
Dim UserID, UserPWD As String
UserID = txtUid.Text
UserPWD = txtPwd.Text
UserID = Replace(UserID, Chr(39), "'")
UserID = Replace(UserID, Chr(34), """)
UserPWD = Replace(UserPWD, Chr(39), "'")
UserPWD = Replace(UserPWD, Chr(34), """)
例:
'替换登陆名中的单引号和双引号
Dim UserID, UserPWD As String
UserID = txtUid.Text
UserPWD = txtPwd.Text
UserID = Replace(UserID, Chr(39), "'")
UserID = Replace(UserID, Chr(34), """)
UserPWD = Replace(UserPWD, Chr(39), "'")
UserPWD = Replace(UserPWD, Chr(34), """)