You mean everything not alphanumeric?

你的意思是一切都不是字母数字？

I'd probably use a REReplace in the data layer.

我可能会在数据层中使用 REReplace。

<cfqueryparam 
  cfsqltype="cf_sql_varchar" 
  value="#REReplace(myVar,"[^0-9A-Za-z ]","","all")#" 
/>

Update: changed to include "space".

更新：更改为包括“空格”。

Use a regular expression in Coldfusion

在 Coldfusion 中使用正则表达式

<cfset cleanInput = rereplace(form.input,"[^A-Za-z0-9]","","all") />

This says replace any character that is not A through Z or a through z or 0 through 9 with nothing and do it for everyone encountered.

这表示将任何不是 A 到 Z 或 a 到 z 或 0 到 9 的字符替换为空，并为遇到的每个人执行此操作。

Are you sure you want to blacklist only those characters? Usually a much safer approach is to whitelist only the acceptable characters.

您确定只想将这些字符列入黑名单吗？通常更安全的方法是仅将可接受的字符列入白名单。

If you want to ensure your data is kept pure, the safest place to do this is at source, using an INSERT/UPDATE trigger.

如果你想确保你的数据保持纯净，最安全的地方是在源头，使用 INSERT/UPDATE 触发器。

You could write a UDF that does this in T-SQL, or for best performance, implement it as a CLR function using C# or similar.

您可以编写一个在 T-SQL 中执行此操作的 UDF，或者为了获得最佳性能，使用 C# 或类似方法将其实现为 CLR 函数。

Doing this onlyin SQL could cause validation issues, though. E.g., if the user has only entered invalid characters on a required field, they essentially have given you no input, so your GUI will likely need to throw a validation error. So, best to have validation checks for usability in your front-end, and triggers for data integrity on the back end.

但是，仅在 SQL 中执行此操作可能会导致验证问题。例如，如果用户只在必填字段中输入了无效字符，他们基本上没有给您任何输入，因此您的 GUI 可能需要抛出验证错误。因此，最好在前端进行可用性验证检查，并在后端触发数据完整性。

I used this as a check to get a false back if the characters were not on the whitelist.

如果字符不在白名单中，我将其用作检查以获取错误回复。

<cfif len(testString) EQ len(rereplaceNocase(testString,"[^A-Za-z0-9-+$. _[]","","all"))>
     TRUE<br>
<cfelse>
     FALSE<br>
</cfif>