chr(9), chr(10), chr(13), chr(32), chr(34)
All tables about ASCII codes: [url][/url]
chr(13) is a carriage return
Chr(10) is a newline character
chr(32) is a space character
9/34 is a tab, not determined?
Here are some examples
special space character
In asp programming, we often use the trim(rtrim,ltrim) function to remove the spaces at the beginning and end of some data. The author recently wrote an asp chat room with the following code:
<% dim name,title
name=trim(request.form("name"))
password=trim(request.form("password"))
if name=""or password="" then response.redirect "error.asp?error=name&name=null"
myDSN="DSN=test;uid=test;pwd=test"
set cn=server.createobject("adodb.connection")
cn.open myDSN
sql="insert into test(name,title) values('"&name&"','"&password&"')"
cn.execute(sql)
cn.close%>
The author used the trim function to remove the spaces at the beginning and end. Under normal circumstances, this program executed normally, but later the author discovered that someone could use spaces to enter, which means that the user's name was completely spaces. , but the author tried to use spaces by himself but couldn't pass it (that is, it was detected by the program). The spaces at the beginning and end were removed by the trim function. Even if there are spaces in the middle, I can use it if needed. Use a function to remove the spaces in the middle. Since the author is using the user information recorded in the sql database, the author suspects that he has used something else to prevent the system from seeing it, so he goes to check the sql database that records the user information (the author I have used this method to see users with line breaks), but I still see that the user's information in the database also has spaces. Does this mean that this user has used a method to bypass my username and password monitoring? ? ? I really couldn't find any loopholes in the program, so I could only ask this user for advice. Fortunately, this user readily told me that it turned out to be "Alt+255", hold down the alt key and then press "Center" on the small keyboard. 2", "5", "5" will produce a special "space" character (the author is not very clear about this concept. This is a control character that is used in some compilers. You can see word2000 in the editor, and there should be other control characters). This space character is different from the traditional character generated by pressing the space bar. Its asc code is 255, and the asc code of the traditional space typed space is 32. The trim function can only recognize and remove the code with asc code 32, so there are users with spaces! In response to this situation, the author designed the following two functions to remove the "space" character:
function xuankong(str)
dim result
dim j
j=len(str)
result=""
dim i
for i = 1 to j
select case mid(str,i,1)
case "<"
result=result+"<"
case ">"
result=result+">"
case chr(34)
result=result+"""
case "&"
result=result+"&" 'The above code converts some html tags
case chr(255) 'Prevent special spaces
result=result
case chr(13) 'Prevent carriage returns
result=result+""
case chr(10) 'Prevent newline characters
result=result+""
case else
result=result+mid(str,i,1)
end select
next
xuankong=result
end function
Then use this function in your asp program, such as:
name=xuankong(trim(request.form("name")))
Because the value of the character 0-z asc code is in the range 48-122, you can use the following method to monitor:
dim j
j=len(trim(request.form("name")))
for i= 1 to j
if asc(mid(name,i,1))>122 or asc(mid(name,i,1))<48 then response..redirect"error.asp?
error=special"
next
Although this kind of "space" has not yet been found to cause problems that will damage the program, it can cause trouble, and it is better to prevent it. However, this kind of space also has an advantage. If it is used as your Internet password, hehe... I’m afraid not many people can see it! Everything I saw was thought to be space, but it was not... The author is not familiar with php and jsp, so I don't know if this kind of problem exists in these two things.
neweguo 2006-1-12 01:55 AM
How to read spaces
How to read spaces
We often need to dynamically display content taken from files on web pages. If you write a program such as a chat room or forum, the content of each speaker must first be stored in a text file and then displayed in on the web page. But the control we use on the web page to allow users to input content is the text box. Then when the content in the text box is displayed on the web page, characters like spaces and line breaks cannot be displayed, which means there are no paragraphs. In order to display paragraphs on a web page, HTML tags must be inserted into the spaces and line breaks where we enter text to display these characters. Please see the example below.
If there is a chat room screen on the web page, after we enter the content in the text box, click "Submit" to display our content on the page. The text box is named Text1. We can use the following method to do it very cleverly. Realize the function of displaying text line breaks and spaces.
<%
...
...
str=request.querystring("text1")
str=Replace(str, Chr(32), " ")
'Replace spaces with signs
str=Replace(str, vbCrLf, "<br>")
'Replace the carriage return and line feed characters with the <br> flag
Response.write str
...
...
%>
After passing the above code, we change the carriage return and line feed characters in the text into the <br> line feed mark recognized by the browser, and replace the spaces with the space mark. Among them, Chr(32) represents a space and vbCrLf represents a carriage return and line feed.
neweguo 2006-1-12 01:55 AM
chr(13) is a carriage return
(
Example: Replace all carriage returns with <br/>
#Replace(foo, Chr(13), "<br />", "ALL")#
)
Chr(10) is a newline character
All tables about ASCII codes: [url][/url]
<cfscript>
/**
* An enhanced version of the article paragraph formatting function
* Use ) to replace TAB and support multiple systems
* Rewrite and multiOS support by Nathan Dintenfas.
*
* @param string The string to format. (Required)
* @return Returns a string.
* @author Ben Forta ([email][email protected][/email])
* @version 3, June 26, 2002
*/
function Paragrap1hFormat2(str) {
//first make Windows style into Unix style
str = replace(str,chr(13)&chr(10),chr(10),"ALL");
//now make Macintosh style into Unix style
str = replace(str,chr(13),chr(10),"ALL");
//now fix tabs
str = replace(str,chr(9)," ","ALL");
//now return the text formatted in HTML
return replace(str,chr(10),"<br />","ALL");
}
</cfscript>