Function code for filtering illegal SQL characters in ASP

程序员文章站 2023-08-24 11:12:13
The code is as follows:

'**************************************************
' Function: r
' Purpose:  filter illegal SQL characters
' Params:   strchar ----- the string to filter
' Returns:  the filtered string
'**************************************************
public function r(strchar)
    if strchar = "" or isnull(strchar) then
        r = ""
        exit function
    end if
    dim strbadchar, arrbadchar, tempchar, i
    ' Blacklist, split on commas (so a comma itself cannot be listed)
    'strbadchar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & chr(34) & "," & chr(0) & ""
    strbadchar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & chr(34) & "," & chr(0) & ""
    arrbadchar = split(strbadchar, ",")
    tempchar = strchar
    ' Remove every listed character or sequence
    for i = 0 to ubound(arrbadchar)
        tempchar = replace(tempchar, arrbadchar(i), "")
    next
    tempchar = replace(tempchar, "@@", "@")
    r = tempchar
end function

' Filter XSS
function checkxss(byval strcode)
    dim re
    set re = new regexp
    re.ignorecase = true
    re.global = true
    ' Remove tags that contain "style"
    re.pattern = "<.[^>]*(style).>"
    strcode = re.replace(strcode, "")
    ' Temporarily rewrite the allowed tags as [tag]
    re.pattern = "<(a.[^>]*|\/a|li|br|b|\/li|\/b|font.[^>]*|\/font)>"
    strcode = re.replace(strcode, "[$1]")
    ' Escape every remaining angle bracket as an HTML entity
    strcode = replace(replace(strcode, "<", "&lt;"), ">", "&gt;")
    ' Restore the allowed tags
    re.pattern = "\[(a.[^\]]*|\/a|li|br|b|\/li|\/b|font.[^\]]*|\/font)\]"
    strcode = re.replace(strcode, "<$1>")
    ' Remove restored tags that carry an event-handler attribute
    re.pattern = "<.[^>]*(on(load|click|dblclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"
    strcode = re.replace(strcode, "")
    set re = nothing
    checkxss = strcode
end function

' Keep only the valid integer ids from a comma-separated list.
' chkclng is a helper that is not defined on this page; it is expected
' to return 0 for a value that is not a valid integer.
function filterids(byval strids)
    dim arrids, i, strreturn
    strids = trim(strids)
    if len(strids) = 0 then exit function
    arrids = split(strids, ",")
    for i = 0 to ubound(arrids)
        if chkclng(trim(arrids(i))) <> 0 then
            strreturn = strreturn & "," & int(arrids(i))
        end if
    next
    ' Drop the leading comma
    if left(strreturn, 1) = "," then strreturn = right(strreturn, len(strreturn) - 1)
    filterids = strreturn
end function
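
The filterids function above calls chkclng, which this page does not define, and a character blacklist such as r is fragile compared with keeping values out of the SQL text altogether. The following is an added example, not code from the original page: a hypothetical stand-in for chkclng that accepts only plain decimal integers in the Long range, and a lookup that binds the validated id as an ADO parameter. The names getarticlebyid, articles, id and title, and the already-open ADODB.Connection passed as conn, are assumptions.

```vbscript
' Added example (not from the original page).
' chkclng: hypothetical stand-in for the helper that filterids calls.
' Returns the value as a Long, or 0 when the input is not a plain decimal
' integer. IsNumeric is avoided because it also accepts forms such as
' "1e3" and "&H10".
Function chkclng(ByVal v)
    Dim re, s, d
    chkclng = 0
    If IsNull(v) Or IsEmpty(v) Then Exit Function
    s = Trim(CStr(v))
    Set re = New RegExp
    re.Pattern = "^-?[0-9]{1,10}$"
    If re.Test(s) Then
        d = CDbl(s)   ' compare as Double first so CLng cannot overflow
        If d >= -2147483648 And d <= 2147483647 Then chkclng = CLng(d)
    End If
    Set re = Nothing
End Function

' getarticlebyid: hypothetical lookup. conn is an open ADODB.Connection;
' the table "articles" and its columns are assumed names.
' Returns a Recordset, or Nothing when rawid is not a positive integer.
Function getarticlebyid(conn, ByVal rawid)
    ' ADO constant values, declared locally in case adovbs.inc is not included
    Const CMD_TEXT = 1, TYPE_INTEGER = 3, PARAM_INPUT = 1
    Dim id, cmd
    Set getarticlebyid = Nothing
    id = chkclng(rawid)
    If id <= 0 Then Exit Function
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = CMD_TEXT
    ' The id travels as a typed parameter, never as part of the SQL string
    cmd.CommandText = "SELECT id, title FROM articles WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", TYPE_INTEGER, PARAM_INPUT, 4, id)
    Set getarticlebyid = cmd.Execute
End Function
```

A caller checks the result with `Is Nothing` before reading the recordset.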