' Commonly used ASP functions
' Filter characters that are illegal in SQL
'======================================
' CheckStr applies one of several string transformations to Strer, chosen by
' Num, then runs the site-wide find/replace list from WR_Setting(11) over the
' result and returns it.
'
' Parameters:
'   Strer - the input string (ByVal, so the caller's variable is not modified).
'   Num   - mode selector:
'             0     general input: Trim, double single quotes, HTML-encode " < >
'             1, 8  numeric check only (decimals allowed per the original note)
'             2     textarea submit: like 0 without Trim, spaces become &nbsp;
'             3     textarea display: reverses the entity encoding
'             4, 5  swap the upload path and the {$InstallDir}{$SiteUpDir}/ tag
'             6     HTML allowed: double single quotes, CRLF -> <br>
'             7     reverse of 6 (<br> -> CRLF, &#39; -> ')
'             9     template add/edit: double single quotes only
'             10    neutralize <iframe> and <script> tags
'             11    display with HTML allowed
'           Any other value skips the Select Case and only the replace list runs.
'
' Returns: the transformed string. For "" or Null input the function exits
' before CheckStr is assigned, so the caller receives Empty.
'
' NOTE(review): modes 0 and 2 combine quote doubling (presumably for a SQL
' string literal, given the header above) with HTML entity encoding in a single
' pass. Hand-escaping is context-dependent; parameterized queries
' (ADODB.Command with parameters) for the SQL side and Server.HTMLEncode at
' output time for the HTML side are the more robust split.
Function CheckStr(ByVal Strer,ByVal Num)
    Dim Shield,w
    ' Nothing to transform for empty or Null input; return value stays Empty.
    If Strer = "" Or IsNull(Strer) Then Exit Function
    Select Case Num
        Case 0 ' general
            Strer = Trim(Strer)
            Strer = Replace(Strer,CHR(39),"''") ' single quote
            Strer = Replace(Strer,CHR(34),"&quot;") ' double quote
            'Strer = Replace(Strer,CHR(32),"&nbsp;") ' space (disabled)
            Strer = Replace(Strer,CHR(60),"&lt;") ' <
            Strer = Replace(Strer,CHR(62),"&gt;") ' >
            ' Only the upper-case URL-encoded forms %3C / %3E are matched here
            ' (Replace defaults to a binary, case-sensitive comparison).
            Strer = Replace(Strer,"%3C","&lt;") ' <
            Strer = Replace(Strer,"%3E","&gt;") ' >
            'Strer = Replace(Strer,"--","--")
            Strer = Replace(Strer,vbCrLf,"<br>")
        Case 1,8 ' number, decimals supported
            ' Validation only: a non-numeric value writes an error message and
            ' ends the response; a numeric value is returned unchanged as text.
            ' NOTE(review): IsNumeric accepts more than plain digits and a
            ' decimal point - confirm, and consider converting with CLng/CDbl
            ' at the call site before the value reaches a query.
            If IsNumeric(Strer) = 0 Then
                Response.Write "操作错误"
                Response.End
            End If
        Case 2 ' textarea submit
            Strer = Replace(Strer,CHR(39),"''") ' single quote
            Strer = Replace(Strer,CHR(34),"&quot;") ' double quote
            Strer = Replace(Strer,CHR(32),"&nbsp;") ' space
            Strer = Replace(Strer,CHR(60),"&lt;") ' <
            Strer = Replace(Strer,CHR(62),"&gt;") ' >
            Strer = Replace(Strer,"%3C","&lt;") ' <
            Strer = Replace(Strer,"%3E","&gt;") ' >
            Strer = Replace(Strer,vbCrLf,"<br>")
        Case 3 ' textarea display
            ' Decodes the entities back to raw characters. The result contains
            ' literal quotes and angle brackets again, so the caller must
            ' HTML-encode it wherever it is not placed inside a textarea.
            ' The submit modes emit '' rather than &#39;, so the first
            ' replacement only matches text that already held that entity.
            Strer = Replace(Strer,"&#39;",CHR(39)) ' single quote
            Strer = Replace(Strer,"&quot;",CHR(34)) ' double quote
            Strer = Replace(Strer,"&nbsp;",CHR(32)) ' space
            Strer = Replace(Strer,"&lt;",CHR(60)) ' <
            Strer = Replace(Strer,"&gt;",CHR(62)) ' >
            ' These two still encode (not decode) the URL-encoded brackets.
            Strer = Replace(Strer,"%3C","&lt;") ' <
            Strer = Replace(Strer,"%3E","&gt;") ' >
            Strer = Replace(Strer,"<br>",vbCrLf)
        Case 4
            ' Replace the concrete upload path prefix with the template tag.
            Strer = Replace(Strer, WR_Setting(4)&WR_UpLoad(0)&"/", "{$InstallDir}{$SiteUpDir}/")
            Strer = Replace(Strer, WR_Setting(3)&WR_UpLoad(0)&"/", "{$InstallDir}{$SiteUpDir}/")
        Case 5
            ' Expand the template tag back into UrlPath plus the upload folder.
            Strer = Replace(Strer, "{$InstallDir}{$SiteUpDir}/", UrlPath&WR_UpLoad(0)&"/")
        Case 6 ' HTML supported
            ' No HTML encoding in this mode: markup in the input is kept as is,
            ' so it should only be used for content from trusted editors.
            Strer = Replace(Strer, Chr(39), "''") ' single quote
            Strer = Replace(Strer, vbCrLf, "<br>")
        Case 7
            Strer = Replace(Strer, "<br>", vbCrLf)
            Strer = Replace(Strer, "&#39;", Chr(39)) ' single quote
        Case 9 ' template add/edit: convert single quotes
            Strer = Replace(Strer, "'", "''")
        Case 10 ' filter frames, JS code, etc. out of content
            ' unescape first so URL-escaped tags are seen by the replacements;
            ' the trailing 1,-1,1 means: from position 1, all occurrences,
            ' text (case-insensitive) comparison.
            ' NOTE(review): this is a block list covering only the iframe and
            ' script tags; every other piece of markup passes through
            ' unchanged, so the output must not be treated as safe HTML.
            Strer = unescape(Strer)
            Strer = replace(Strer,"<ifrAme","&lt;ifrAme",1,-1,1)
            Strer = replace(Strer,"</ifrAme>","&lt;/ifrAme>",1,-1,1)
            Strer = replace(Strer,"<script","&lt;script",1,-1,1)
            Strer = replace(Strer,"</script>","&lt;/script>",1,-1,1)
        Case 11 ' display with HTML supported
            Strer = Replace(Strer,"&#39;",CHR(39)) ' single quote
            Strer = Replace(Strer,"&quot;",CHR(34)) ' double quote
            Strer = Replace(Strer,CHR(32),"&nbsp;") ' space
            Strer = Replace(Strer, vbCrLf, "<br>")
    End Select
    ' Site-wide replace list: WR_Setting(11) holds one "find=replacement" rule
    ' per CRLF-separated line. It runs for every mode and after the escaping
    ' above, so replacement text is inserted without being escaped, and in
    ' modes 1/8 it can alter a value that has already passed the numeric check.
    ' Only the text between the first and second "=" is used as replacement.
    Shield = Split(WR_Setting(11),vbCrLf)
    For w=0 To Ubound(Shield)
        If Shield(w) <> "" Then
            If Instr(Shield(w),"=") > 0 Then Strer=Replace(Strer,Split(Shield(w),"=")(0),Split(Shield(w),"=")(1))
        End If
    Next
    CheckStr = Strer
End Function