asp下过滤非法的SQL字符的函数代码
2023-08-24 11:12:13
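'**************************************************
' Function: r
' Purpose : Strip a fixed list of characters/tokens that are commonly
'           abused in SQL injection from a string.
' Param   : strchar - the value to filter
' Returns : the filtered string ("" for an empty or Null input)
' Notes   : - This is a deny-list. It is defence in depth only and does
'             not replace parameterized queries (ADODB.Command with
'             Parameters) for values that reach a SQL statement.
'           - The list is split on ",", so the comma itself is never
'             stripped; a single "-" is kept, only "--" is removed.
'           - Stripping is repeated until the string stops changing,
'             because removing one token can join its neighbours into
'             another token from the list.
'**************************************************
public function r(strchar)
    ' Null is tested first so the string comparison below never sees it.
    if isnull(strchar) then r = "" : exit function
    if strchar = "" then r = "" : exit function

    dim strbadchar, arrbadchar, tempchar, prevchar, i
    ' Earlier list, kept for reference:
    'strbadchar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & chr(34) & "," & chr(0) & ""
    strbadchar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & chr(34) & "," & chr(0) & ""
    arrbadchar = split(strbadchar, ",")

    tempchar = strchar
    ' One pass is not enough: "--" is removed before later entries, so a
    ' later removal can leave a fresh "--" behind. Loop to a fixed point.
    do
        prevchar = tempchar
        for i = 0 to ubound(arrbadchar)
            tempchar = replace(tempchar, arrbadchar(i), "")
        next
    loop until tempchar = prevchar

    ' Collapse every run of "@" to a single "@"; a single replace() call
    ' leaves "@@" behind when the run is longer than two characters.
    do while instr(tempchar, "@@") > 0
        tempchar = replace(tempchar, "@@", "@")
    loop

    r = tempchar
end function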
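' Filter XSS: keep a small set of formatting tags (a, li, br, b, font and
' their closing forms) and HTML-escape every other angle bracket.
' Param   : strcode - the HTML fragment to filter (passed by value)
' Returns : the filtered fragment
' Notes   : - Step 3 has to emit the entities &lt; and &gt;. Replacing "<"
'             with "<" is a no-op and leaves every non-listed tag intact.
'           - Text that already has the form "[b]" or "[a ...]" in the input
'             is turned into a tag by step 4, the same as a listed tag.
'           - NOTE(review): attributes of kept a/font tags are not
'             validated and the event-handler list in step 5 is a fixed
'             deny-list, so do not rely on this function alone for
'             untrusted HTML; encode on output or use an allow-list of
'             attributes as well.
function checkxss(byval strcode)
    dim re
    set re = new regexp
    re.ignorecase = true
    re.global = true

    ' 1. Remove tags that match the "style" pattern.
    ' NOTE(review): the pattern needs exactly one character between
    ' "style" and ">", so it does not cover every tag with a style
    ' attribute - confirm against the intended behaviour.
    re.pattern = "<.[^>]*(style).>"
    strcode = re.replace(strcode, "")

    ' 2. Park the permitted tags in square brackets so step 3 skips them.
    re.pattern = "<(a.[^>]*|\/a|li|br|b|\/li|\/b|font.[^>]*|\/font)>"
    strcode = re.replace(strcode, "[$1]")

    ' 3. Escape every angle bracket that is still present.
    strcode = replace(replace(strcode, "<", "&lt;"), ">", "&gt;")

    ' 4. Turn the parked tags back into real tags.
    re.pattern = "\[(a.[^\]]*|\/a|li|br|b|\/li|\/b|font.[^\]]*|\/font)\]"
    strcode = re.replace(strcode, "<$1>")

    ' 5. Drop restored tags that match the event-handler pattern.
    ' NOTE(review): same one-character constraint before ">" as in step 1.
    re.pattern = "<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"
    strcode = re.replace(strcode, "")

    set re = nothing
    checkxss = strcode
end function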
' Normalise a comma-separated ID list: every item for which chkclng() is
' non-zero is converted with int() and the results are joined with ",".
' Param   : strids - comma-separated list of IDs (passed by value)
' Returns : the cleaned list; Empty when the input is empty or no item
'           passes the check
' Notes   : chkclng is defined outside this listing - presumably it returns
'           0 for a non-numeric value; confirm. Items that evaluate to 0
'           are dropped as well, so an ID of 0 never appears in the result.
function filterids(byval strids)
    dim parts, idx, result

    strids = trim(strids)
    if len(strids) = 0 then
        exit function
    end if

    parts = split(strids, ",")
    for idx = 0 to ubound(parts)
        if chkclng(trim(parts(idx))) <> 0 then
            ' result is still Empty until the first accepted item, so the
            ' separator is only written from the second item on.
            if isempty(result) then
                result = "" & int(parts(idx))
            else
                result = result & "," & int(parts(idx))
            end if
        end if
    next

    filterids = result
end function