
Using SafeCheck to Perform Security Checks and Filtering in ASP

Published: 2023-07-17 14:20:10 | Category: ASP Tutorials
'--------------------------------------------------------------------------
' Purpose: safe string checking function
' Name: SafeCheck
' Parameters: CheckString, CheckType, CheckLength
' Description:
' CheckString   string to check: any characters.
' CheckType     check type: 0 normal short string, 1 number, 2 date, 3 money,
'               4 encode HTML, 5 decode HTML, 6 login string, 7 attack-prevention check
' CheckLength   length for the check type: an int; for money it is the position of the decimal point
' Return value: if the check passes, returns the correct string;
'               if it fails, returns the error code SYSTEM_ERROR|ERROR_CODE
' Script written by: SnowDu (杜雪.NET)
' Web: http://www.snsites.com/
'--------------------------------------------------------------------------
Function SafeCheck(CheckString, CheckType, CheckLength)
    Dim ErrorRoot, tempVar, sTemp, s_BadStr, n, i, IsSafeStr
    Dim S_Filter, S_Filters, isFound
    On Error Resume Next
    ErrorRoot = "SYSTEM_ERROR|"
    ' Empty input is rejected for every check type
    If CheckString = "" Then
        SafeCheck = ErrorRoot & "00001"
        Exit Function
    End If
    ' As published, this replaces a single quote with itself and has no effect
    CheckString = Replace(CheckString, "'", "'")
    Select Case CheckType
        Case 0
            ' Normal short string: trim and truncate to CheckLength
            CheckString = Trim(CheckString)
            SafeCheck = Left(CheckString, CheckLength)
        Case 1
            ' Number (the published code called the undefined "isnumberic")
            If Not IsNumeric(CheckString) Then
                SafeCheck = ErrorRoot & "00002"
                Exit Function
            Else
                SafeCheck = Left(CheckString, CheckLength)
            End If
        Case 2
            ' Date: CheckLength selects the format (0 short, 1 long, 2 unchanged)
            tempVar = IsDate(CheckString)
            If Not tempVar Then
                SafeCheck = ErrorRoot & "00003"
                Exit Function
            Else
                Select Case CheckLength
                    Case 0
                        SafeCheck = FormatDateTime(CheckString, vbShortDate)
                    Case 1
                        SafeCheck = FormatDateTime(CheckString, vbLongDate)
                    Case 2
                        SafeCheck = CheckString
                End Select
            End If
        Case 3
            ' Money: clear any earlier error so that only FormatCurrency is tested
            Err.Clear
            tempVar = FormatCurrency(CheckString, 0)
            If Err Then
                SafeCheck = ErrorRoot & "00004"
                Exit Function
            Else
                SafeCheck = FormatCurrency(CheckString, CheckLength)
            End If
        Case 4
            ' Encode HTML: & must be encoded first so later entities are not re-encoded
            sTemp = CheckString
            If IsNull(sTemp) = True Then
                SafeCheck = ErrorRoot & "00005"
                Exit Function
            End If
            sTemp = Replace(sTemp, "&", "&amp;")
            sTemp = Replace(sTemp, "<", "&lt;")
            sTemp = Replace(sTemp, ">", "&gt;")
            sTemp = Replace(sTemp, Chr(34), "&quot;")
            sTemp = Replace(sTemp, Chr(10), "<br>")
            SafeCheck = Left(sTemp, CheckLength)
        Case 5
            ' Decode HTML: reverse of case 4
            sTemp = CheckString
            If IsNull(sTemp) = True Then
                SafeCheck = ErrorRoot & "00006"
                Exit Function
            End If
            sTemp = Replace(sTemp, "<br>", Chr(10))
            sTemp = Replace(sTemp, "&lt;", "<")
            sTemp = Replace(sTemp, "&gt;", ">")
            sTemp = Replace(sTemp, "&quot;", Chr(34))
            ' &amp; is decoded last so that "&amp;lt;" is not decoded twice
            sTemp = Replace(sTemp, "&amp;", "&")
            SafeCheck = Left(sTemp, CheckLength)
        Case 6
            ' Login string: reject if any character of s_BadStr is present
            s_BadStr = "'  &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
            n = Len(s_BadStr)
            IsSafeStr = True
            For i = 1 To n
                If InStr(CheckString, Mid(s_BadStr, i, 1)) > 0 Then
                    IsSafeStr = False
                End If
            Next
            If IsSafeStr Then
                SafeCheck = Left(CheckString, CheckLength)
            Else
                SafeCheck = ErrorRoot & "00007"
                Exit Function
            End If
        Case 7
            ' Attack-prevention check: reject if any listed keyword or character is present
            S_Filter = "net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
            S_Filter = S_Filter & "insert|delete|drop|truncate|from|%|declare|-"
            S_Filters = Split(S_Filter, "|")
            isFound = False
            ' Loop to UBound: the published "ubound(S_Filters)-1" skipped the last entry ("-")
            For i = 0 To UBound(S_Filters)
                If InStr(LCase(CheckString), LCase(S_Filters(i))) <> 0 Then
                    isFound = True
                    Exit For
                End If
            Next
            If isFound Then
                SafeCheck = ErrorRoot & "00008"
                Exit Function
            Else
                SafeCheck = Left(CheckString, CheckLength)
            End If
    End Select
End Function
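
How a caller might use SafeCheck's return convention, as an added example that is not part of the original script: it tests for the SYSTEM_ERROR| prefix and then hands the value to the database as a bound ADODB parameter rather than relying on the CheckType 7 keyword filter, which also rejects legitimate values such as O'Brien or "discount". The names IsSafeCheckError and FindUser, the users table and its columns, and the open connection conn are assumptions.

```vbscript
' Added example (not from the original script). Assumes SafeCheck from this
' page is included and conn is an open ADODB.Connection; the users table and
' its columns are hypothetical.
Const SAFECHECK_ERR = "SYSTEM_ERROR|"
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

' True when SafeCheck returned an error code instead of a cleaned value.
' The error is signalled in-band, so a type 0 value that itself begins with
' "SYSTEM_ERROR|" is also treated as a failure.
Function IsSafeCheckError(result)
    IsSafeCheckError = (Left(result & "", Len(SAFECHECK_ERR)) = SAFECHECK_ERR)
End Function

' Returns a Recordset, or Nothing when either input fails validation.
Function FindUser(conn, rawName, rawAge)
    Dim userName, age, cmd
    Set FindUser = Nothing

    userName = SafeCheck(rawName, 0, 50)   ' trim, cap at 50 characters
    age = SafeCheck(rawAge, 1, 3)          ' numeric, cap at 3 characters
    If IsSafeCheckError(userName) Or IsSafeCheckError(age) Then Exit Function

    ' Left() truncation can leave a fragment such as "1e" that is no longer
    ' numeric, so re-check before converting.
    If Not IsNumeric(age) Then Exit Function

    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Values travel as parameters and are never concatenated into the SQL text,
    ' so quotes and keywords in userName need no filtering here.
    cmd.CommandText = "SELECT id, name FROM users WHERE name = ? AND age = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("age", adInteger, adParamInput, 4, CLng(age))
    Set FindUser = cmd.Execute
End Function
```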
 
 

(Editor: 聊城站长网)
