[asp]asp过滤SQL的非法字符 非法sql注入字符

2010年9月11日星期六

Rem 过滤HTML代码
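function HTMLEncode(fString)
' Encodes text for insertion into an HTML page body.
' fString: the raw text (typically untrusted input). Null is returned unchanged.
' Returns the encoded text. Besides the entity escapes, line breaks become
' <BR>/<P> markup and spaces/tabs become &nbsp;, so the result is meant for
' display inside the HTML body, not for attribute values or script contexts.
if not isnull(fString) then
    ' "&" has to be encoded first; otherwise the entities inserted by the
    ' later replacements would themselves be re-encoded (e.g. "&amp;lt;").
    fString = Replace(fString, "&", "&amp;")
    ' The original line was replace(fString, ">", ">") - a no-op that left
    ' ">" unencoded; the correct entity is "&gt;".
    fString = Replace(fString, ">", "&gt;")
    fString = Replace(fString, "<", "&lt;")

    fString = Replace(fString, CHR(32), "&nbsp;")
    fString = Replace(fString, CHR(9), "&nbsp;")
    fString = Replace(fString, CHR(34), "&quot;")
    fString = Replace(fString, CHR(39), "&#39;")
    ' CR is dropped; LF handling below turns blank lines into paragraph
    ' breaks and single line breaks into <BR>.
    fString = Replace(fString, CHR(13), "")
    fString = Replace(fString, CHR(10) & CHR(10), "</P><P> ")
    fString = Replace(fString, CHR(10), "<BR> ")

    'fString=ChkBadWords(fString)
    HTMLEncode = fString
else
   HTMLEncode=fstring
end if
end function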

Rem 过滤SQL非法字符
function checkStr(str)
' Doubles single quotes so a value can be embedded inside a quoted SQL
' string literal ('...'). Null is returned as "".
' Note: this only helps inside a quoted literal. A value concatenated into a
' numeric position (e.g. "where id=" & x) gets no protection from it; such
' values need a type check (see isInteger) or a parameterized query.
 dim result
 if isnull(str) then
  result = ""
 else
  result = replace(str, "'", "''")
 end if
 checkStr = result
end function

Rem 判断数字是否整形
function isInteger(para)
' Returns True when para, converted to a string, consists solely of the ASCII
' digits 0-9. Null, Empty and blank strings give False; so do signs, spaces,
' decimal points and any non-ASCII digit, i.e. "-1" and "1.0" are rejected.
       on error resume next
       dim text, pos, ch
       isInteger = false
       if isNull(para) then exit function
       text = cstr(para)
       if trim(text) = "" then exit function
       for pos = 1 to len(text)
           ch = mid(text, pos, 1)
           ' InStr with the default binary compare: 0 means ch is not 0-9
           if InStr("0123456789", ch) = 0 then exit function
       next
       isInteger = true
       if err.number <> 0 then err.clear
end function

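function printclass1(id)
' Writes the "anclass" value of the BJX_class1 row whose anclassid = id.
' id: expected integer key. It is coerced with CLng, so a non-numeric value
'     raises a type mismatch instead of reaching the database.
' The key is passed as an ADO parameter rather than concatenated into the
' statement text (the original built "... where anclassid=" & id, which let
' the caller's id alter the SQL). Uses the page-level Conn object.
  dim cmd, rs1
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = Conn
  cmd.CommandText = "Select anclass From [BJX_class1] where anclassid=?"
  ' 3 = adInteger, 1 = adParamInput
  cmd.Parameters.Append cmd.CreateParameter("anclassid", 3, 1, , CLng(id))
  Set rs1 = cmd.Execute
  ' The original read rs1("anclass") unconditionally, which raises an error
  ' when no row matches; write nothing in that case instead.
  if not rs1.EOF then response.write rs1("anclass")
  rs1.close
  set rs1 = nothing
  set cmd = nothing
end function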

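function printclass2(id)
' Writes the "nclass" value of the BJX_class2 row whose nclassid = id.
' id: expected integer key. It is coerced with CLng, so a non-numeric value
'     raises a type mismatch instead of reaching the database.
' The key is passed as an ADO parameter rather than concatenated into the
' statement text (the original built "... where nclassid=" & id, which let
' the caller's id alter the SQL). Uses the page-level Conn object.
  dim cmd, rs1
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = Conn
  cmd.CommandText = "Select nclass From [BJX_class2] where nclassid=?"
  ' 3 = adInteger, 1 = adParamInput
  cmd.Parameters.Append cmd.CreateParameter("nclassid", 3, 1, , CLng(id))
  Set rs1 = cmd.Execute
  ' The original read rs1("nclass") unconditionally, which raises an error
  ' when no row matches; write nothing in that case instead.
  if not rs1.EOF then response.write rs1("nclass")
  rs1.close
  set rs1 = nothing
  set cmd = nothing
end function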

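function printzj1(id)
' Writes the "anzj" value of the BJX_zj1 row whose anzjid = id.
' id: expected integer key. It is coerced with CLng, so a non-numeric value
'     raises a type mismatch instead of reaching the database.
' The key is passed as an ADO parameter rather than concatenated into the
' statement text (the original built "... where anzjid=" & id, which let
' the caller's id alter the SQL). Uses the page-level Conn object.
  dim cmd, rs1
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = Conn
  cmd.CommandText = "Select anzj From [BJX_zj1] where anzjid=?"
  ' 3 = adInteger, 1 = adParamInput
  cmd.Parameters.Append cmd.CreateParameter("anzjid", 3, 1, , CLng(id))
  Set rs1 = cmd.Execute
  ' The original read rs1("anzj") unconditionally, which raises an error
  ' when no row matches; write nothing in that case instead.
  if not rs1.EOF then response.write rs1("anzj")
  rs1.close
  set rs1 = nothing
  set cmd = nothing
end function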

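function printzj2(id)
' Writes the "nzj" value of the BJX_zj2 row whose nzjid = id.
' id: expected integer key. It is coerced with CLng, so a non-numeric value
'     raises a type mismatch instead of reaching the database.
' The key is passed as an ADO parameter rather than concatenated into the
' statement text (the original built "... where nzjid=" & id, which let
' the caller's id alter the SQL). Uses the page-level Conn object.
  dim cmd, rs1
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = Conn
  cmd.CommandText = "Select nzj From [BJX_zj2] where nzjid=?"
  ' 3 = adInteger, 1 = adParamInput
  cmd.Parameters.Append cmd.CreateParameter("nzjid", 3, 1, , CLng(id))
  Set rs1 = cmd.Execute
  ' The original read rs1("nzj") unconditionally, which raises an error
  ' when no row matches; write nothing in that case instead.
  if not rs1.EOF then response.write rs1("nzj")
  rs1.close
  set rs1 = nothing
  set cmd = nothing
end function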

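function zpcount(id)
' Writes the number of BJX_goods rows whose nzjid = id.
' id: expected integer key. It is coerced with CLng, so a non-numeric value
'     raises a type mismatch instead of reaching the database.
' The key is passed as an ADO parameter rather than concatenated into the
' statement text (the original built "... where nzjid=" & id, which let the
' caller's id alter the SQL). Uses the page-level conn object.
  dim cmd, rs1
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  ' Let the database count the rows instead of fetching every column of every
  ' matching row and reading RecordCount from a keyset cursor.
  cmd.CommandText = "select count(*) from BJX_goods where nzjid=?"
  ' 3 = adInteger, 1 = adParamInput
  cmd.Parameters.Append cmd.CreateParameter("nzjid", 3, 1, , CLng(id))
  Set rs1 = cmd.Execute
  ' count(*) always yields exactly one row, so no EOF check is needed.
  response.write rs1(0)
  rs1.close
  set rs1 = nothing
  set cmd = nothing
end function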

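Function RemoveHTML(strHTML)
' Strips tag-shaped text (<...>) from strHTML and returns what remains.
' strHTML: the markup to clean. Null returns "" (same convention as checkStr).
' Note: this only removes tags; it does not encode the characters left behind,
' so the result is not safe to write to the page by itself. Pass it through
' HTMLEncode (or an equivalent encoder) before output.
 Dim objRegExp
 If IsNull(strHTML) Then
  RemoveHTML = ""
  Exit Function
 End If
 Set objRegExp = New RegExp
 objRegExp.IgnoreCase = True
 objRegExp.Global = True
 ' "<[^>]+>" also spans line breaks; the original "<.+?>" did not, because
 ' "." does not match a newline, so a tag broken across lines survived.
 objRegExp.Pattern = "<[^>]+>"
 ' RegExp.Replace removes every match at its own position. The original
 ' looped over the matches and called Replace(strHTML, Match.Value, ""),
 ' so once an earlier removal had changed the string a later Match.Value
 ' could no longer be found and that tag was left in place.
 RemoveHTML = objRegExp.Replace(strHTML, "")
 Set objRegExp = Nothing
End Function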


