An ASP function that re-encodes characters dangerous for SQL injection
2018-09-06 11:15
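<%
'******************************
' Function:    CheckStr(byVal ChkStr)
' Parameter:   ChkStr, the string to check
' Author:      阿里西西
' Date:        2007/7/15
' Description: re-encodes characters that are dangerous for SQL injection
' Example:     CheckStr("and 1=1 or select * from")
'******************************
Function CheckStr(byVal ChkStr)
    Dim Str : Str = ChkStr
    Str = Trim(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If

    ' Collapse runs of three or more CRLF pairs down to exactly three
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "(\r\n){3,}"
    Str = re.Replace(Str, "$1$1$1")
    Set re = Nothing

    ' Both arguments lost their characters in the rendered page; the single
    ' quote as target and its numeric HTML entity as replacement are assumed.
    Str = Replace(Str, "'", "&#39;")

    ' The rendered page shows each keyword replaced by itself, because the
    ' browser decodes the encoded form. Writing one letter of each keyword
    ' as a numeric HTML entity is an assumption.
    ' Replace() compares case-sensitively by default, so only the
    ' lower-case spellings are rewritten.
    Str = Replace(Str, "select", "sel&#101;ct")
    Str = Replace(Str, "join", "jo&#105;n")
    Str = Replace(Str, "union", "un&#105;on")
    Str = Replace(Str, "where", "wh&#101;re")
    Str = Replace(Str, "insert", "ins&#101;rt")
    Str = Replace(Str, "delete", "del&#101;te")
    Str = Replace(Str, "update", "up&#100;ate")
    Str = Replace(Str, "like", "lik&#101;")
    Str = Replace(Str, "drop", "dro&#112;")
    Str = Replace(Str, "create", "cr&#101;ate")
    Str = Replace(Str, "modify", "mod&#105;fy")
    Str = Replace(Str, "rename", "ren&#097;me")
    Str = Replace(Str, "alter", "alt&#101;r")
    Str = Replace(Str, "cast", "ca&#115;t")
    CheckStr = Str
End Function

' Decodes a string that was processed by the function above
' (the keyword encodings are reversed; the quote replacement is not)
Function UnCheckStr(Str)
    Str = Replace(Str, "sel&#101;ct", "select")
    Str = Replace(Str, "jo&#105;n", "join")
    Str = Replace(Str, "un&#105;on", "union")
    Str = Replace(Str, "wh&#101;re", "where")
    Str = Replace(Str, "ins&#101;rt", "insert")
    Str = Replace(Str, "del&#101;te", "delete")
    Str = Replace(Str, "up&#100;ate", "update")
    Str = Replace(Str, "lik&#101;", "like")
    Str = Replace(Str, "dro&#112;", "drop")
    Str = Replace(Str, "cr&#101;ate", "create")
    Str = Replace(Str, "mod&#105;fy", "modify")
    Str = Replace(Str, "ren&#097;me", "rename")
    Str = Replace(Str, "alt&#101;r", "alter")
    Str = Replace(Str, "ca&#115;t", "cast")
    UnCheckStr = Str
End Function
%>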
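A parameterized ADODB.Command query, added here as an example and not part of the original article, hands the value to the database as data, so the text is stored unchanged and needs no keyword rewriting. The open connection `conn`, the `Users` table and its `UserID` and `UserName` columns are assumed names.

```vbscript
<%
' Added example, not the article author's code.
' Assumptions: conn is an already opened ADODB.Connection; the Users table
' and its UserID / UserName columns are hypothetical.
Const adCmdText = 1        ' CommandTypeEnum
Const adParamInput = 1     ' ParameterDirectionEnum
Const adVarWChar = 202     ' DataTypeEnum, Unicode variable-length string
Const MAX_NAME_LEN = 50    ' assumed column width

Function FindUserByName(conn, userName)
    Dim cmd, value

    ' Normalise the input: Null becomes an empty string, and the value is
    ' truncated to the declared parameter size so Append does not fail.
    If IsNull(userName) Then
        value = ""
    Else
        value = Left(CStr(userName), MAX_NAME_LEN)
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' The ? placeholder is bound by the provider. The value is never
    ' concatenated into the SQL text, so quotes and keywords inside it
    ' cannot change the structure of the statement.
    cmd.CommandText = "SELECT UserID, UserName FROM Users WHERE UserName = ?"
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, _
        adParamInput, MAX_NAME_LEN, value)

    Set FindUserByName = cmd.Execute
    Set cmd = Nothing
End Function

' Usage, with conn opened elsewhere:
'   Dim rs
'   Set rs = FindUserByName(conn, CStr(Request.Form("name")))
'   If Not rs.EOF Then
'       ' HTML encoding belongs at output time, not in the stored value
'       Response.Write Server.HTMLEncode(rs("UserName"))
'   End If
%>
```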
Article link: http://soscw.com/index.php/essay/9188.html