再ASP程序中如何调用SQL自定义函数呢?
这是我的调用方法,麻烦各位给指点一下
<%
Dim connectionText,connections,cmdTemp,rst
connectionText="你好<script"
Set conn = Server.CreateObject("ADODB.Connection")
connections = "driver={SQL Server};server=.;uid=sa;pwd=;database=luntandb"
conn.open connections
Set cmdTemp=Server.CreateObject("ADODB.Command")
Set rst=Server.CreateObject("ADODB.Recordset")
cmdTemp.commandText = "dbo.HtmlEncode" ‘自定义函数名称
cmdTemp.CommandType = 4
Set cmdTemp.ActiveConnection = conn
cmdTemp("@contentText") = connectionText
cmdTemp.execute()
rv =cmdTemp("@return_value")
response.Write(rv)
%>
这是SQL自定义函数– =============================================
— Author: <Author,,Name>
— Create date: <Create Date, ,>
— Description: <Description, ,>
— =============================================
ALTER FUNCTION [dbo].[HtmlEncode]
(
@contentText varchar(5000)
)
RETURNS varchar(5000)
AS
BEGIN
SET @contentText = REPLACE(@contentText,'<script’,’<script’);
SET @contentText = REPLACE(@contentText,'<link’,’<link’);
SET @contentText = REPLACE(@contentText,'<ifream’,’<ifream’);
SET @contentText = REPLACE(@contentText,'<style’,’<style’);
SET @contentText = REPLACE(@contentText,’url(‘,’url(’);
RETURN @contentText
END
问题补充:刚才修改了一下,用SQL语句调用,现在改成这样
Dim str,ContentText
Set conn = Server.CreateObject("ADODB.Connection")
connections = "driver={SQL Server};server=.;uid=sa;pwd=;database=luntandb"
conn.open connections
ContentText="测试测试测试<script>alert(‘测试’)</script>"
Set rst=Server.CreateObject("ADODB.Recordset")
str="select dbo.HtmlEncode(‘"&ContentText&"’)"
rst.open str,conn,1,1
response.Write(rst(0))
%>
评论前必须登录!
注册