防SQL注入函数
程序代码:
函数部分========================================================================
程序代码:
函数部分========================================================================
' ------------------------------------------------
' 用途:检查是否为数字,以及数字是否超出范围
' 输入:检查字符,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Request),开始数字(默认数字,同时作为下限),结束数字(为-1则不检查大小)
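Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
    ' Purpose: read a value (given directly or fetched from the request) and
    ' coerce it to a number clamped to [int_startnum, int_endnum].
    ' Params:
    '   str_str      - the value itself (int_quest = 0) or the request key to read
    '   int_quest    - source: 0 direct, 1 Request.Form, 2 Request.QueryString,
    '                  3 Request.Cookies, 4 unqualified Request (any collection)
    '   int_startnum - default when the input is not numeric; also the lower bound
    '   int_endnum   - upper bound; -1 disables range checking entirely
    ' Returns: a Double (CDbl), never the raw input string, so the caller gets a
    '          numeric value rather than attacker-controlled text.
    Dim mystr, istr, iNum
    mystr = Trim(str_str)
    Select Case int_quest
        Case 1
            istr = Request.Form(mystr)
        Case 2
            istr = Request.QueryString(mystr)
        Case 3
            istr = Request.Cookies(mystr)
        Case 4
            istr = Request(mystr)
        Case Else
            istr = mystr
    End Select
    ' Only the first 32 characters are examined, which bounds the work done on
    ' oversized input before IsNumeric/CDbl run.
    istr = Left(istr, 32)
    ' IsNumeric also accepts forms such as "1e3" or "&H1F", and CDbl converts them
    ' accordingly; callers that need plain decimal digits should check separately.
    If IsNumeric(istr) Then
        iNum = CDbl(istr)
    Else
        iNum = int_startnum
    End If
    If int_endnum > -1 Then
        ' Lower-bound clamp, reconstructed from the mangled line
        ' "If iNum If iNum > int_endnum ..." in the posted listing, which appears to
        ' have lost "< int_startnum Then iNum = int_startnum"; it mirrors the
        ' upper-bound clamp that follows.
        If iNum < int_startnum Then iNum = int_startnum
        If iNum > int_endnum Then iNum = int_endnum
    End If
    CheckNum = iNum
End Function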
' ------------------------------------------------
' 用途:检查过滤字符串
' 输入:字符串,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Request),检查方式(1不过滤html,2纯html,3标题过滤,4其他html过滤),字符段截取长度
Function CheckStr(str_str,int_quest,int_type,int_strlen)
' Purpose: fetch a string (given directly or from the request), double single
' quotes, apply one of several whitespace/HTML rewrites chosen by int_type, and
' finally cut the result to int_strlen via CutStr.
' Params:
'   str_str    - the value itself (int_quest = 0) or the request key to read
'   int_quest  - source: 0 direct, 1 Request.Form, 2 Request.QueryString,
'                3 Request.Cookies, 4 unqualified Request (any collection)
'   int_type   - 1 keep HTML (whitespace/newline rewrites only), 2 pass through
'                unchanged, 3 "title" rewrite, anything else the full rewrite
'   int_strlen - length budget handed to CutStr
' Returns: the rewritten, cut string.
' NOTE(review): the replacement literals below look HTML-entity-decoded by the
' scrape that produced this listing (e.g. "<" -> "<" is a no-op as printed, and
' the literals split across two lines presumably held a line-break tag). As
' printed, this block does not neutralise "<", ">" or double quotes at all;
' confirm against the original file before relying on it for output encoding.
mystr = str_str
Select Case int_quest
Case 1
istr = Request.Form(mystr)
Case 2
istr = Request.QueryString(mystr)
Case 3
istr = Request.Cookies(mystr)
Case 4
istr = Request(mystr)
Case Else
istr = mystr
End Select
' "" & ... forces a String even when the request item is Empty/Null.
istr = "" & Trim (istr)
' Doubling single quotes is the only SQL-related transform in this function. It
' only helps for a value spliced between single quotes in a query; numeric
' contexts and LIKE wildcards are not covered, and the spacing shown (" ' ")
' may itself be a scrape artifact. Parameterised ADODB.Command queries are the
' robust alternative to string-built SQL.
istr = Replace (istr, " ' " , " '' " )
Select Case int_type
' Type 1: HTML is kept; only spaces, tabs and line endings are rewritten.
Case 1
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 10 ) & CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 13 ), "" )
' Type 2: deliberate pass-through, the assignment is a no-op.
Case 2
istr = istr
' Type 3: "title" rewrite - no line-break handling, but angle brackets and
' quotes are rewritten (as printed the targets equal the sources, see NOTE above).
Case 3
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 13 ), "" )
istr = Replace (istr, " < " , " < " )
istr = Replace (istr, " > " , " > " )
istr = Replace (istr, CHR ( 34 ), " "")
istr = Replace (istr, " " , " " )
istr = Replace (istr, CHR ( 39 ), " ' " )
' Type 4 (and any other value): full rewrite - the union of types 1 and 3.
Case Else
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 10 ) & CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 13 ), "" )
istr = Replace (istr, " < " , " < " )
istr = Replace (istr, " > " , " > " )
istr = Replace (istr, CHR ( 34 ), " "")
istr = Replace (istr, " " , " " )
istr = Replace (istr, CHR ( 39 ), " ' " )
End select
' CutStr is defined later in this file; an empty suffix is passed, so nothing
' is appended after the cut.
istr = CutStr(istr,int_strlen, "" )
CheckStr = istr
End Function
' ------------------------------------------------
' 用途:截取字符串
' 输入:字符串,字符段截取长度,超过部分字符
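Function CutStr(str_str,int_strlen,str_addtrr)
    ' Purpose: truncate str_str to a budget of int_strlen "display bytes", where a
    ' character whose Abs(Asc()) exceeds 255 (a double-byte character in the page's
    ' code page) counts as 2 and every other character as 1.
    ' Params:
    '   str_str     - string to cut
    '   int_strlen  - byte budget; a value <= 0 keeps only the first character,
    '                 matching the original loop's exit condition
    '   str_addtrr  - suffix marking the cut (CheckStr passes "")
    ' Returns: the cut string, with str_addtrr appended only when characters were
    '          actually dropped. The original appended it unconditionally and cut
    '          with Left(str_str, k) using the byte count k, which over-cut mixed
    '          single/double-byte text; the cut is now done by character index.
    ' The character that reaches the budget is kept even if it overshoots by one
    ' byte, as in the original's ">=" test.
    Dim k, i, c, cutAt
    k = 0
    cutAt = 0
    For i = 1 To Len(str_str)
        ' Asc returns a negative value for DBCS characters; Abs normalises it.
        c = Abs(Asc(Mid(str_str, i, 1)))
        If c > 255 Then
            k = k + 2
        Else
            k = k + 1
        End If
        If k >= int_strlen Then
            cutAt = i
            Exit For
        End If
    Next
    If cutAt > 0 And cutAt < Len(str_str) Then
        CutStr = Left(str_str, cutAt) & str_addtrr
    Else
        CutStr = str_str
    End If
End Function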
' 用途:检查是否为数字,以及数字是否超出范围
' 输入:检查字符,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Request),开始数字(默认数字,同时作为下限),结束数字(为-1则不检查大小)
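Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
    ' Purpose: read a value (given directly or fetched from the request) and
    ' coerce it to a number clamped to [int_startnum, int_endnum].
    ' Params:
    '   str_str      - the value itself (int_quest = 0) or the request key to read
    '   int_quest    - source: 0 direct, 1 Request.Form, 2 Request.QueryString,
    '                  3 Request.Cookies, 4 unqualified Request (any collection)
    '   int_startnum - default when the input is not numeric; also the lower bound
    '   int_endnum   - upper bound; -1 disables range checking entirely
    ' Returns: a Double (CDbl), never the raw input string, so the caller gets a
    '          numeric value rather than attacker-controlled text.
    Dim mystr, istr, iNum
    mystr = Trim(str_str)
    Select Case int_quest
        Case 1
            istr = Request.Form(mystr)
        Case 2
            istr = Request.QueryString(mystr)
        Case 3
            istr = Request.Cookies(mystr)
        Case 4
            istr = Request(mystr)
        Case Else
            istr = mystr
    End Select
    ' Only the first 32 characters are examined, which bounds the work done on
    ' oversized input before IsNumeric/CDbl run.
    istr = Left(istr, 32)
    ' IsNumeric also accepts forms such as "1e3" or "&H1F", and CDbl converts them
    ' accordingly; callers that need plain decimal digits should check separately.
    If IsNumeric(istr) Then
        iNum = CDbl(istr)
    Else
        iNum = int_startnum
    End If
    If int_endnum > -1 Then
        ' Lower-bound clamp, reconstructed from the mangled line
        ' "If iNum If iNum > int_endnum ..." in the posted listing, which appears to
        ' have lost "< int_startnum Then iNum = int_startnum"; it mirrors the
        ' upper-bound clamp that follows.
        If iNum < int_startnum Then iNum = int_startnum
        If iNum > int_endnum Then iNum = int_endnum
    End If
    CheckNum = iNum
End Function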
' ------------------------------------------------
' 用途:检查过滤字符串
' 输入:字符串,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Request),检查方式(1不过滤html,2纯html,3标题过滤,4其他html过滤),字符段截取长度
Function CheckStr(str_str,int_quest,int_type,int_strlen)
' Purpose: fetch a string (given directly or from the request), double single
' quotes, apply one of several whitespace/HTML rewrites chosen by int_type, and
' finally cut the result to int_strlen via CutStr.
' Params:
'   str_str    - the value itself (int_quest = 0) or the request key to read
'   int_quest  - source: 0 direct, 1 Request.Form, 2 Request.QueryString,
'                3 Request.Cookies, 4 unqualified Request (any collection)
'   int_type   - 1 keep HTML (whitespace/newline rewrites only), 2 pass through
'                unchanged, 3 "title" rewrite, anything else the full rewrite
'   int_strlen - length budget handed to CutStr
' Returns: the rewritten, cut string.
' NOTE(review): the replacement literals below look HTML-entity-decoded by the
' scrape that produced this listing (e.g. "<" -> "<" is a no-op as printed, and
' the literals split across two lines presumably held a line-break tag). As
' printed, this block does not neutralise "<", ">" or double quotes at all;
' confirm against the original file before relying on it for output encoding.
mystr = str_str
Select Case int_quest
Case 1
istr = Request.Form(mystr)
Case 2
istr = Request.QueryString(mystr)
Case 3
istr = Request.Cookies(mystr)
Case 4
istr = Request(mystr)
Case Else
istr = mystr
End Select
' "" & ... forces a String even when the request item is Empty/Null.
istr = "" & Trim (istr)
' Doubling single quotes is the only SQL-related transform in this function. It
' only helps for a value spliced between single quotes in a query; numeric
' contexts and LIKE wildcards are not covered, and the spacing shown (" ' ")
' may itself be a scrape artifact. Parameterised ADODB.Command queries are the
' robust alternative to string-built SQL.
istr = Replace (istr, " ' " , " '' " )
Select Case int_type
' Type 1: HTML is kept; only spaces, tabs and line endings are rewritten.
Case 1
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 10 ) & CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 13 ), "" )
' Type 2: deliberate pass-through, the assignment is a no-op.
Case 2
istr = istr
' Type 3: "title" rewrite - no line-break handling, but angle brackets and
' quotes are rewritten (as printed the targets equal the sources, see NOTE above).
Case 3
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 13 ), "" )
istr = Replace (istr, " < " , " < " )
istr = Replace (istr, " > " , " > " )
istr = Replace (istr, CHR ( 34 ), " "")
istr = Replace (istr, " " , " " )
istr = Replace (istr, CHR ( 39 ), " ' " )
' Type 4 (and any other value): full rewrite - the union of types 1 and 3.
Case Else
istr = Replace (istr, CHR ( 32 ), " " )
istr = Replace (istr, CHR ( 9 ), " " )
istr = Replace (istr, CHR ( 10 ) & CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 10 ), "
" )
istr = Replace (istr, CHR ( 13 ), "" )
istr = Replace (istr, " < " , " < " )
istr = Replace (istr, " > " , " > " )
istr = Replace (istr, CHR ( 34 ), " "")
istr = Replace (istr, " " , " " )
istr = Replace (istr, CHR ( 39 ), " ' " )
End select
' CutStr is defined later in this file; an empty suffix is passed, so nothing
' is appended after the cut.
istr = CutStr(istr,int_strlen, "" )
CheckStr = istr
End Function
' ------------------------------------------------
' 用途:截取字符串
' 输入:字符串,字符段截取长度,超过部分字符
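Function CutStr(str_str,int_strlen,str_addtrr)
    ' Purpose: truncate str_str to a budget of int_strlen "display bytes", where a
    ' character whose Abs(Asc()) exceeds 255 (a double-byte character in the page's
    ' code page) counts as 2 and every other character as 1.
    ' Params:
    '   str_str     - string to cut
    '   int_strlen  - byte budget; a value <= 0 keeps only the first character,
    '                 matching the original loop's exit condition
    '   str_addtrr  - suffix marking the cut (CheckStr passes "")
    ' Returns: the cut string, with str_addtrr appended only when characters were
    '          actually dropped. The original appended it unconditionally and cut
    '          with Left(str_str, k) using the byte count k, which over-cut mixed
    '          single/double-byte text; the cut is now done by character index.
    ' The character that reaches the budget is kept even if it overshoots by one
    ' byte, as in the original's ">=" test.
    Dim k, i, c, cutAt
    k = 0
    cutAt = 0
    For i = 1 To Len(str_str)
        ' Asc returns a negative value for DBCS characters; Abs normalises it.
        c = Abs(Asc(Mid(str_str, i, 1)))
        If c > 255 Then
            k = k + 2
        Else
            k = k + 1
        End If
        If k >= int_strlen Then
            cutAt = i
            Exit For
        End If
    Next
    If cutAt > 0 And cutAt < Len(str_str) Then
        CutStr = Left(str_str, cutAt) & str_addtrr
    Else
        CutStr = str_str
    End If
End Function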