非法字符替换,防SQL注入(asp)

'===============================
'函数名:CheckStr(byVal ChkStr)
'作用:非法字符替换,防SQL注入
'=============================== 
Function CheckStr(byVal ChkStr)
 Dim Str:Str=ChkStr
 Str=Trim(Str)
 If IsNull(Str) Then
  CheckStr = ""
  Exit Function
 End If
 Dim re
 Set re=new RegExp
 re.IgnoreCase =True
 re.Global=True
 re.Pattern="(/r/n){3,}"
 Str=re.Replace(Str,"$1$1$1")
 Set re=Nothing  'net localgroup administrators
 Str = Replace(Str,"net localgroup administrators","net localgroup administrators")
 Str = Replace(Str,"exec%20master.dbo.xp_cmdshell","exec%20master.dbo.xp_cmdshell")
 Str = Replace(Str,"/add","/add")
 Str = Replace(Str,"xp_cmdshell","xp_cmdshell")
 Str = Replace(Str,"net user","net user")
 Str = Replace(Str,"'","''")
 Str = Replace(Str, "select", "select")
 Str = Replace(Str, "join", "join")
 Str = Replace(Str, "union", "union")
 Str = Replace(Str, "where", "where")
 Str = Replace(Str, "insert", "insert")
 Str = Replace(Str, "delete", "delete")
 Str = Replace(Str, "update", "update")
 Str = Replace(Str, "like", "like")
 Str = Replace(Str, "drop", "drop")
 Str = Replace(Str, "create", "create")
 Str = Replace(Str, "modify", "modify")
 Str = Replace(Str, "rename", "rename")
 Str = Replace(Str, "alter", "alter")
 Str = Replace(Str, "cast", "cast")
 CheckStr=Str
End Function 
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值