asp中过滤非法的SQL字符的函数代码
发布时间:2023-06-10 13:15:16 所属栏目:Asp教程 来源:
导读:过滤非法的SQL字符,防止sql注入等。里面的体会思路主要运用了批量替换,是个不错的思路。
复制代码代码如下:
'**************************************************
'函数名:R
'作 用:
复制代码代码如下:
'**************************************************
'函数名:R
'作 用:
|
过滤非法的SQL字符,防止sql注入等。里面的体会思路主要运用了批量替换,是个不错的思路。 复制代码代码如下: '************************************************** '函数名:R '作 用:过滤非法的SQL字符 '参 数:strChar-----要过滤的字符 '返回值:过滤后的字符 '************************************************** Public Function R(strChar) If strChar = "" Or IsNull(strChar) Then R = "":Exit Function Dim strBadChar, arrBadChar, tempChar, I 'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,/,;,:," & Chr(34) & "," & Chr(0) & "" strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,/,;,:," & Chr(34) & "," & Chr(0) & "" arrBadChar = Split(strBadChar, ",") tempChar = strChar For I = 0 To UBound(arrBadChar) tempChar = Replace(tempChar, arrBadChar(I), "") Next tempChar = Replace(tempChar, "@@", "@") R = tempChar End Function '过滤xss Function CheckXSS(ByVal strCode) Dim Re Set re=new RegExp re.IgnoreCase =True re.Global=True re.Pattern="<.[^>]*(style).>" strCode = re.Replace(strCode, "") re.Pattern="<(a.[^>]*|//a|li|br|B|//li|//B|font.[^>]*|//font)>" strCode=re.Replace(strCode,"[$1]") strCode=Replace(Replace(strCode, "<", "<"), ">", ">") re.Pattern="/[(a.[^/]]*|//a|li|br|B|//li|//B|font.[^/]]*|//font)/]" strCode=re.Replace(strCode,"<$1>") re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>" strCode = re.Replace(strCode, "") Set Re=Nothing CheckXSS=strCode End Function Function FilterIDs(byval strIDs) Dim arrIDs,i,strReturn strIDs=Trim(strIDs) If Len(strIDs)=0 Then Exit Function arrIDs=Split(strIDs,",") For i=0 To Ubound(arrIds) If ChkClng(Trim(arrIDs(i)))<>0 Then strReturn=strReturn & "," & Int(arrIDs(i)) End If Next If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1) FilterIDs=strReturn End Function (编辑:聊城站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
推荐文章
站长推荐
