asp下过滤非法的SQL字符的函数代码

时间:2021-11-21 08:58:59

代码如下:


'************************************************** 
'函数名:R 
'作 用:过滤非法的SQL字符 
'参 数:strChar-----要过滤的字符 
'返回值:过滤后的字符 
'************************************************** 
Public Function R(strChar) 
If strChar = "" Or IsNull(strChar) Then R = "":Exit Function 
Dim strBadChar, arrBadChar, tempChar, I 
'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & "" 
strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & "" 
arrBadChar = Split(strBadChar, ",") 
tempChar = strChar 
For I = 0 To UBound(arrBadChar) 
tempChar = Replace(tempChar, arrBadChar(I), "") 
Next 
tempChar = Replace(tempChar, "@@", "@") 
R = tempChar 
End Function 
'过滤xss 
Function CheckXSS(ByVal strCode) 
Dim Re 
Set re=new RegExp 
re.IgnoreCase =True 
re.Global=True 
re.Pattern="<.[^>]*(style).>" 
strCode = re.Replace(strCode, "") 
re.Pattern="<(a.[^>]*|\/a|li|br|B|\/li|\/B|font.[^>]*|\/font)>" 
strCode=re.Replace(strCode,"[$1]") 
strCode=Replace(Replace(strCode, "<", "<"), ">", ">") 
re.Pattern="\[(a.[^\]]*|\/a|li|br|B|\/li|\/B|font.[^\]]*|\/font)\]" 
strCode=re.Replace(strCode,"<$1>") 
re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>" 
strCode = re.Replace(strCode, "") 
Set Re=Nothing 
CheckXSS=strCode 
End Function 

Function FilterIDs(byval strIDs) 
Dim arrIDs,i,strReturn 
strIDs=Trim(strIDs) 
If Len(strIDs)=0 Then Exit Function 
arrIDs=Split(strIDs,",") 
For i=0 To Ubound(arrIds) 
If ChkClng(Trim(arrIDs(i)))<>0 Then 
strReturn=strReturn & "," & Int(arrIDs(i)) 
End If 
Next 
If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1) 
FilterIDs=strReturn 
End Function