主页 > 知识库 > asp下过滤非法的SQL字符的函数代码

asp下过滤非法的SQL字符的函数代码

热门标签:服务器配置 团购网站 阿里云 科大讯飞语音识别系统 Linux服务器 Mysql连接数设置 电子围栏 银行业务
复制代码 代码如下:

'**************************************************
'函数名:R
'作 用:过滤非法的SQL字符
'参 数:strChar-----要过滤的字符
'返回值:过滤后的字符
'**************************************************
Public Function R(strChar)
If strChar = "" Or IsNull(strChar) Then R = "":Exit Function
Dim strBadChar, arrBadChar, tempChar, I
'strBadChar = "$,#,',%,^,,?,(,),,>,[,],{,},/,\,;,:," Chr(34) "," Chr(0) ""
strBadChar = "+,',--,%,^,,?,(,),,>,[,],{,},/,\,;,:," Chr(34) "," Chr(0) ""
arrBadChar = Split(strBadChar, ",")
tempChar = strChar
For I = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(I), "")
Next
tempChar = Replace(tempChar, "@@", "@")
R = tempChar
End Function
'过滤xss
Function CheckXSS(ByVal strCode)
Dim Re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern=".[^>]*(style).>"
strCode = re.Replace(strCode, "")
re.Pattern="(a.[^>]*|\/a|li|br|B|\/li|\/B|font.[^>]*|\/font)>"
strCode=re.Replace(strCode,"[$1]")
strCode=Replace(Replace(strCode, "", "lt;"), ">", "gt;")
re.Pattern="\[(a.[^\]]*|\/a|li|br|B|\/li|\/B|font.[^\]]*|\/font)\]"
strCode=re.Replace(strCode,"$1>")
re.Pattern=".[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"
strCode = re.Replace(strCode, "")
Set Re=Nothing
CheckXSS=strCode
End Function

Function FilterIDs(byval strIDs)
Dim arrIDs,i,strReturn
strIDs=Trim(strIDs)
If Len(strIDs)=0 Then Exit Function
arrIDs=Split(strIDs,",")
For i=0 To Ubound(arrIds)
If ChkClng(Trim(arrIDs(i)))>0 Then
strReturn=strReturn "," Int(arrIDs(i))
End If
Next
If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1)
FilterIDs=strReturn
End Function

标签:萍乡 枣庄 衡水 江苏 大理 蚌埠 广元 衢州

巨人网络通讯声明:本文标题《asp下过滤非法的SQL字符的函数代码》,本文关键词  ;如发现本文内容存在版权问题,烦请提供相关信息告之我们,我们将及时沟通与处理。本站内容系统采集于网络,涉及言论、版权与本站无关。
  • 相关文章
  • 收缩
    • 微信客服
    • 微信二维码
    • 电话咨询

    • 400-1100-266