An ASP function that re-encodes dangerous SQL-injection strings

2018-09-06 11:15


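<%
'******************************
' Function:    CheckStr(ByVal ChkStr)
' Parameter:   ChkStr, the string to validate
' Author:      阿里西西
' Date:        2007/7/15
' Description: Re-encodes dangerous SQL-injection characters
' Example:     CheckStr("and 1=1 or select * from")
'******************************
Function CheckStr(ByVal ChkStr)
    Dim Str : Str = ChkStr
    Str = Trim(Str)
    ' Null input is returned as an empty string
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    ' Collapse runs of three or more CRLF pairs down to three
    re.Pattern = "(\r\n){3,}"
    Str = re.Replace(Str, "$1$1$1")
    Set re = Nothing
    ' The quote characters of this call are missing on the page; doubling the
    ' single quote (the standard SQL string-literal escape) is assumed here.
    Str = Replace(Str, "'", "''")
    ' Each keyword is replaced by its re-encoded form. On this page the encoded
    ' form (second argument) displays identically to the keyword.
    Str = Replace(Str, "select", "select")
    Str = Replace(Str, "join", "join")
    Str = Replace(Str, "union", "union")
    Str = Replace(Str, "where", "where")
    Str = Replace(Str, "insert", "insert")
    Str = Replace(Str, "delete", "delete")
    Str = Replace(Str, "update", "update")
    Str = Replace(Str, "like", "like")
    Str = Replace(Str, "drop", "drop")
    Str = Replace(Str, "create", "create")
    Str = Replace(Str, "modify", "modify")
    Str = Replace(Str, "rename", "rename")
    Str = Replace(Str, "alter", "alter")
    Str = Replace(Str, "cast", "cast")
    CheckStr = Str
End Function

' Decodes a string that was processed by the function above.
' Here the first argument is the encoded form and the second the keyword.
Function UnCheckStr(Str)
    Str = Replace(Str, "select", "select")
    Str = Replace(Str, "join", "join")
    Str = Replace(Str, "union", "union")
    Str = Replace(Str, "where", "where")
    Str = Replace(Str, "insert", "insert")
    Str = Replace(Str, "delete", "delete")
    Str = Replace(Str, "update", "update")
    Str = Replace(Str, "like", "like")
    Str = Replace(Str, "drop", "drop")
    Str = Replace(Str, "create", "create")
    Str = Replace(Str, "modify", "modify")
    Str = Replace(Str, "rename", "rename")
    Str = Replace(Str, "alter", "alter")
    Str = Replace(Str, "cast", "cast")
    UnCheckStr = Str
End Function
%>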
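
A keyword filter such as CheckStr only helps for the strings it lists; binding user input as a query parameter keeps it out of the SQL text altogether. The following is an added example, not part of the original page or its author's code. The connection string, the table `users`, its columns and the function name `FindUserByName` are hypothetical.

```vbscript
<%
' Added example: parameterized lookup in classic ASP using ADODB.Command.
' Hypothetical names: ConnStr, table "users", columns "id" and "username".
Const adCmdText = 1       ' CommandTypeEnum: textual SQL command
Const adParamInput = 1    ' ParameterDirectionEnum: input parameter
Const adVarWChar = 202    ' DataTypeEnum: Unicode variable-length string
Const MaxNameLen = 50     ' assumed width of the username column

Dim ConnStr
' Placeholder connection string; replace DB_HOST and DB_NAME with real values
ConnStr = "Provider=SQLOLEDB;Data Source=DB_HOST;Initial Catalog=DB_NAME;Integrated Security=SSPI;"

' Returns a Recordset, or Nothing when the input fails basic validation
Function FindUserByName(conn, ByVal userName)
    userName = Trim(userName)
    ' Reject empty and over-long input before it reaches the database
    If Len(userName) = 0 Or Len(userName) > MaxNameLen Then
        Set FindUserByName = Nothing
        Exit Function
    End If

    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? marker is bound by the provider; the value is never spliced into the SQL text
    cmd.CommandText = "SELECT id, username FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("@username", adVarWChar, adParamInput, MaxNameLen, userName)
    Set FindUserByName = cmd.Execute
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open ConnStr
' Appending "" turns a missing form field into an empty string
Set rs = FindUserByName(conn, Request.Form("username") & "")
If rs Is Nothing Then
    Response.Write "Invalid user name."
ElseIf rs.EOF Then
    Response.Write "No such user."
Else
    ' Encode when writing to HTML; the stored value stays unmodified
    Response.Write Server.HTMLEncode(rs("username").Value)
End If
If Not rs Is Nothing Then rs.Close
conn.Close
%>
```

With bound parameters the stored data needs no counterpart to UnCheckStr, because nothing is rewritten on the way into the database.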

