<%@H_404_0@ '用户输入非法字符@H_4040@ dim checkstring(3)@H4040@ checkstring(0) = "'"@H4040@ checkstring(1) = " "@H4040@ checkstring(2) = ";"@H4040@ checkstring(3) = ":"@H4040@ @H404_0@ '替换用户输入的非法字符 stringarray 非法字符数组 checkstring 需检查的字符串@H_4040@ function ReplaceString(stringarray,checkstring)@H4040@ @H4040@  for i=0 to ubound(stringarray)@H4040@   checkstring = Replace(checkstring,stringarray(i),"")@H4040@  next@H4040@  @H4040@  ReplaceString = checkstring@H4040@  @H4040@ end function@H4040@%>@H4040@uid = ReplaceString(checkstring,Request.Form("loginname"))@H404_0@upwd = ReplaceString(checkstring,Request.Form("password"))