过滤非法的SQL字符,防止sql注入等。里面的体会思路主要运用了批量替换,是个不错的思路。

代码如下: ''************************************************** ''函数名:R ''作 用:过滤非法的SQL字符 ''参 数:strChar-----要过滤的字符 ''返回值:过滤后的字符 ''************************************************** Public Function R(strChar) If strChar = '' Or IsNull(strChar) Then R = '':E

作者: 来源: 时间: 17-11-23 16:03:53

代码如下:
''**************************************************
''函数名:R
''作 用:过滤非法的SQL字符
''参 数:strChar-----要过滤的字符
''返回值:过滤后的字符
''**************************************************
Public Function R(strChar)
If strChar = "" Or IsNull(strChar) Then R = "":Exit Function
Dim strBadChar, arrBadChar, tempChar, I
''strBadChar = "$,#,'',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""
strBadChar = "+,'',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""
arrBadChar = Split(strBadChar, ",")
tempChar = strChar
For I = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(I), "")
Next
tempChar = Replace(tempChar, "@@", "@")
R = tempChar
End Function
''过滤xss
Function CheckXSS(ByVal strCode)
Dim Re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="<.[^>]*(style).>"
strCode = re.Replace(strCode, "")
re.Pattern="<(a.[^>]*|/a|li|br|B|/li|/B|font.[^>]*|/font)>"
strCode=re.Replace(strCode,"[$1]")
strCode=Replace(Replace(strCode, "<", "<"), ">", ">")
re.Pattern="\[(a.[^\]]*|/a|li|br|B|/li|/B|font.[^\]]*|/font)\]"
strCode=re.Replace(strCode,"<$1>")
re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"
strCode = re.Replace(strCode, "")
Set Re=Nothing
CheckXSS=strCode
End Function

Function FilterIDs(byval strIDs)
Dim arrIDs,i,strReturn
strIDs=Trim(strIDs)
If Len(strIDs)=0 Then Exit Function
arrIDs=Split(strIDs,",")
For i=0 To Ubound(arrIds)
If ChkClng(Trim(arrIDs(i)))<>0 Then
strReturn=strReturn & "," & Int(arrIDs(i))
End If
Next
If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1)
FilterIDs=strReturn
End Function
11
22
33
隐藏区块

会员注册

本功能为预留功能,暂不支持注册 ^_^

Login

社交帐号登陆

使用以下任意帐号可登陆本站

Close section
Close

联系我们

关于5UCMS 您有任何需求 均可以留言给我们