asp下过滤非法的SQL字符的函数代码
2018-09-06 12:15
复制代码 代码如下:
**************************************************
函数名:R
作 用:过滤非法的SQL字符
参 数:strChar-----要过滤的字符
返回值:过滤后的字符
**************************************************
Public Function R(strChar)
If strChar = Or IsNull(strChar) Then R = :Exit Function
Dim strBadChar, arrBadChar, tempChar, I
strBadChar = $,#,,%,^,&,?,(,),<,>,[,],{,},/,\,;,:, & Chr(34) & , & Chr(0) &
strBadChar = +,,--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:, & Chr(34) & , & Chr(0) &
arrBadChar = Split(strBadChar, ,)
tempChar = strChar
For I = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(I), )
Next
tempChar = Replace(tempChar, @@, @)
R = tempChar
End Function
过滤xss
Function CheckXSS(ByVal strCode)
Dim Re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern=<.[^>]*(style).>
strCode = re.Replace(strCode, )
re.Pattern=<(a.[^>]*\/alibrB\/li\/Bfont.[^>]*\/font)>
strCode=re.Replace(strCode,[$1])
strCode=Replace(Replace(strCode, <, <), >, >)
re.Pattern=\[(a.[^\]]*\/alibrB\/li\/Bfont.[^\]]*\/font)\]
strCode=re.Replace(strCode,<$1>)
re.Pattern=<.[^>]*(on(loadclickdbclickmouseovermouseoutmousedownmouseupmousewheelkeydownsubmitchangefocus)).>
strCode = re.Replace(strCode, )
Set Re=Nothing
CheckXSS=strCode
End Function
Function FilterIDs(byval strIDs)
Dim arrIDs,i,strReturn
strIDs=Trim(strIDs)
If Len(strIDs)=0 Then Exit Function
arrIDs=Split(strIDs,,)
For i=0 To Ubound(arrIds)
If ChkClng(Trim(arrIDs(i)))<>0 Then
strReturn=strReturn & , & Int(arrIDs(i))
End If
Next
If Left(strReturn,1)=, Then strReturn=Right(strReturn,Len(strReturn)-1)
FilterIDs=strReturn
End Function
下一篇:asp的错误集合