id=saferequest("id")

sql="deletefromtable1wherewhereid>"&id&""

rs.opensql,conn,1,3

response.write"<script>alert('删除成功');location.href='del.asp';</script>"

setrs=nothing

setconn=nothing

这是过滤非法字符函数代码如下:

functionsaferequest(paraname)

dimparavalue

paravalue=request(paraname)

ifisnumeric(paravalue)=truethen

saferequest=paravalue

exitfunction

elseifinstr(lcase(paravalue),"select")>0orinstr(lcase(paravalue),"insert")>0orinstr(lcase(paravalue),"deletefrom")>0orinstr(lcase(paravalue),"count(")>0orinstr(lcase(paravalue),"droptable")>0orinstr(lcase(paravalue),"update")>0orinstr(lcase(paravalue),"truncate")>0orinstr(lcase(paravalue),"asc(")>0orinstr(lcase(paravalue),"mid(")>0orinstr(lcase(paravalue),"char(")>0orinstr(lcase(paravalue),"xp_cmdshell")>0orinstr(lcase(paravalue),"execmaster")>0orinstr(lcase(paravalue),"netlocalgroupadministrators")>0orinstr(lcase(paravalue),"and")>0orinstr(lcase(paravalue),"netuser")>0orinstr(lcase(paravalue),"or")>0orinstr(lcase(paravalue),"""")>0orinstr(lcase(paravalue),"'")>0then

response.write"请不要在函数中加入非法字符！"

response.end

else

saferequest=paravalue

endif

endfunction

批量删除方法：

主要是利用for循环来实现。

代码如下:

id=request.form("checkbox")

id=Split(id,",")

shu=0

fori=0toUBound(id)

sql="select*fromjiang_fnamewhereid="&id(i)

setrs=conn.execute(sql)

shu=shu+1

next