asp 实现对SQL注入危险字符进行重编码处理的函数
2022-05-28 16:19:10
<%
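'******************************
' Function:    checkstr(byval chkstr)
' Parameter:   chkstr - the string to process
' Author:      阿里西西
' Date:        2007/7/15
' Description: re-encodes strings considered dangerous for SQL injection
' Example:     checkstr("and 1=1 or select * from")
'
' NOTE(review): this is a re-encoding helper, not an injection defence.
' - Only the quote doubling changes how the value behaves, and only when the
'   value is placed inside a single-quoted SQL string literal. It does nothing
'   for values used in a numeric or identifier position.
' - Replace() compares case-sensitively by default, so only the exact
'   lowercase spellings listed below are rewritten, and they are rewritten
'   inside longer words as well (e.g. "cast" within "broadcast").
' - The result contains "&#NNN;" entities and is not HTML-escaped; apply
'   Server.HTMLEncode separately where output encoding is required.
' - Build queries with ADODB.Command parameters instead of string
'   concatenation, and treat this function as a secondary measure at most.
' - As published, every keyword replacement was identical to its search
'   string (the entity was presumably decoded when the page was rendered),
'   so each call was a no-op. The entity forms in checkstr_keywords() are a
'   reconstruction that encodes one letter of each keyword as a numeric
'   HTML entity.
'******************************

' Returns the keyword / encoded-keyword pairs shared by checkstr and uncheckstr,
' so the two functions cannot drift apart.
function checkstr_keywords()
    checkstr_keywords = array( _
        array("select", "sel&#101;ct"), _
        array("join",   "jo&#105;n"), _
        array("union",  "un&#105;on"), _
        array("where",  "wh&#101;re"), _
        array("insert", "ins&#101;rt"), _
        array("delete", "del&#101;te"), _
        array("update", "up&#100;ate"), _
        array("like",   "lik&#101;"), _
        array("drop",   "dro&#112;"), _
        array("create", "cr&#101;ate"), _
        array("modify", "mod&#105;fy"), _
        array("rename", "ren&#97;me"), _
        array("alter",  "alt&#101;r"), _
        array("cast",   "ca&#115;t") _
    )
end function

' Trims chkstr, collapses long runs of blank lines, doubles single quotes and
' entity-encodes the listed SQL keywords. Returns "" for Null input.
function checkstr(byval chkstr)
    ' Null cannot be passed to the string functions below; map it to "".
    if isnull(chkstr) then
        checkstr = ""
        exit function
    end if

    dim str: str = trim(chkstr)

    ' Collapse any run of three or more CRLF pairs down to exactly three.
    dim re
    set re = new regexp
    re.ignorecase = true
    re.global = true
    re.pattern = "(\r\n){3,}"
    str = re.replace(str, "$1$1$1")
    set re = nothing

    ' Double single quotes so the value cannot close a '...' SQL literal.
    str = replace(str, "'", "''")

    ' Entity-encode one letter of each keyword (case-sensitive match).
    dim pair
    for each pair in checkstr_keywords()
        str = replace(str, pair(0), pair(1))
    next

    checkstr = str
end function

' Reverses the keyword encoding applied by checkstr.
' It does not undo the quote doubling or the blank-line collapsing.
' Works on a local copy: VBScript passes arguments ByRef by default, and
' assigning to the parameter would silently change the caller's variable.
' Returns "" for Null input instead of raising "Invalid use of Null".
function uncheckstr(str)
    if isnull(str) then
        uncheckstr = ""
        exit function
    end if

    dim decoded: decoded = str
    dim pair
    for each pair in checkstr_keywords()
        decoded = replace(decoded, pair(1), pair(0))
    next

    uncheckstr = decoded
end function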
%>
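'******************************
' Function:    checkstr(byval chkstr)
' Parameter:   chkstr - the string to process
' Author:      阿里西西
' Date:        2007/7/15
' Description: re-encodes strings considered dangerous for SQL injection
' Example:     checkstr("and 1=1 or select * from")
'
' NOTE(review): this is a re-encoding helper, not an injection defence.
' - Only the quote doubling changes how the value behaves, and only when the
'   value is placed inside a single-quoted SQL string literal. It does nothing
'   for values used in a numeric or identifier position.
' - Replace() compares case-sensitively by default, so only the exact
'   lowercase spellings listed below are rewritten, and they are rewritten
'   inside longer words as well (e.g. "cast" within "broadcast").
' - The result contains "&#NNN;" entities and is not HTML-escaped; apply
'   Server.HTMLEncode separately where output encoding is required.
' - Build queries with ADODB.Command parameters instead of string
'   concatenation, and treat this function as a secondary measure at most.
' - As published, every keyword replacement was identical to its search
'   string (the entity was presumably decoded when the page was rendered),
'   so each call was a no-op. The entity forms in checkstr_keywords() are a
'   reconstruction that encodes one letter of each keyword as a numeric
'   HTML entity.
'******************************

' Returns the keyword / encoded-keyword pairs shared by checkstr and uncheckstr,
' so the two functions cannot drift apart.
function checkstr_keywords()
    checkstr_keywords = array( _
        array("select", "sel&#101;ct"), _
        array("join",   "jo&#105;n"), _
        array("union",  "un&#105;on"), _
        array("where",  "wh&#101;re"), _
        array("insert", "ins&#101;rt"), _
        array("delete", "del&#101;te"), _
        array("update", "up&#100;ate"), _
        array("like",   "lik&#101;"), _
        array("drop",   "dro&#112;"), _
        array("create", "cr&#101;ate"), _
        array("modify", "mod&#105;fy"), _
        array("rename", "ren&#97;me"), _
        array("alter",  "alt&#101;r"), _
        array("cast",   "ca&#115;t") _
    )
end function

' Trims chkstr, collapses long runs of blank lines, doubles single quotes and
' entity-encodes the listed SQL keywords. Returns "" for Null input.
function checkstr(byval chkstr)
    ' Null cannot be passed to the string functions below; map it to "".
    if isnull(chkstr) then
        checkstr = ""
        exit function
    end if

    dim str: str = trim(chkstr)

    ' Collapse any run of three or more CRLF pairs down to exactly three.
    dim re
    set re = new regexp
    re.ignorecase = true
    re.global = true
    re.pattern = "(\r\n){3,}"
    str = re.replace(str, "$1$1$1")
    set re = nothing

    ' Double single quotes so the value cannot close a '...' SQL literal.
    str = replace(str, "'", "''")

    ' Entity-encode one letter of each keyword (case-sensitive match).
    dim pair
    for each pair in checkstr_keywords()
        str = replace(str, pair(0), pair(1))
    next

    checkstr = str
end function

' Reverses the keyword encoding applied by checkstr.
' It does not undo the quote doubling or the blank-line collapsing.
' Works on a local copy: VBScript passes arguments ByRef by default, and
' assigning to the parameter would silently change the caller's variable.
' Returns "" for Null input instead of raising "Invalid use of Null".
function uncheckstr(str)
    if isnull(str) then
        uncheckstr = ""
        exit function
    end if

    dim decoded: decoded = str
    dim pair
    for each pair in checkstr_keywords()
        decoded = replace(decoded, pair(1), pair(0))
    next

    uncheckstr = decoded
end function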
%>