I have had some time off lately, and with nothing else to do I read through a few hacker sites (all because my site has been messed with two or three times recently by some bored people, each time with a different technique, and you can tell their skill levels differ. I was fairly busy a while ago and did not have much time to come here. Now that I have some free time, I found this today and am posting it for everyone's reference. The functions themselves are very simple; the main thing is to look at the approach.)
Some anti-SQL-injection functions by NB叶子
Program code:
' ---- Function section ----
' Purpose: check that a value is a number and, optionally, that it lies within a range
' Input: name or value; source (0 = use the value as given, 1 = Request.Form,
'        2 = Request.QueryString, 3 = Request.Cookies, 4 = Request);
'        start number (also the default when the value is not numeric);
'        end number (-1 = do not check the range)
Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
    Dim mystr,istr,iNum
    mystr=Trim(str_str)
    Select Case int_quest
        Case 1
            istr=Request.Form(mystr)
        Case 2
            istr=Request.QueryString(mystr)
        Case 3
            istr=Request.Cookies(mystr)
        Case 4
            istr=Request(mystr)
        Case Else
            istr=mystr
    End Select
    ' Cap the raw value before testing it
    istr=Left(istr,32)
    ' IsNumeric also accepts forms such as 1e3 or &H1F; CDbl turns all of them
    ' into a plain number, so the caller never receives anything but a number
    If IsNumeric(istr) Then
        iNum=CDbl(istr)
    Else
        iNum=int_startnum
    End If
    ' Note: with int_endnum=-1 neither bound is enforced, not even the lower one
    If int_endnum>-1 Then
        If iNum<int_startnum Then iNum=int_startnum
        If iNum>int_endnum Then iNum=int_endnum
    End If
    CheckNum=iNum
End Function
'------------------------------------------------
' Purpose: fetch a string and filter it
' Input: name or value; source (as for CheckNum); filter type (1 = keep HTML but
'        convert whitespace and line breaks, 2 = raw, 3 = title filter: escape HTML,
'        no line breaks, 4/other = escape HTML and convert line breaks);
'        maximum length in bytes
' Note: the &lt; &gt; &quot; &#39; &nbsp; replacement targets had been decoded to
'       plain characters on the page and are restored here from the evident intent
Function CheckStr(str_str,int_quest,int_type,int_strlen)
    Dim mystr,istr
    mystr=str_str
    Select Case int_quest
        Case 1
            istr=Request.Form(mystr)
        Case 2
            istr=Request.QueryString(mystr)
        Case 3
            istr=Request.Cookies(mystr)
        Case 4
            istr=Request(mystr)
        Case Else
            istr=mystr
    End Select
    istr=""&Trim(istr)
    ' SQL side: double single quotes so the value can sit inside '...' in a
    ' concatenated statement. Types 3 and 4 below then turn the pair into
    ' &#39;&#39;, which contains no quote at all but is what gets stored.
    istr=Replace(istr,"'","''")
    Select Case int_type
        Case 1
            ' Strip CR first so that CRLF CRLF is seen as two consecutive LFs
            istr=Replace(istr,CHR(13),"")
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,CHR(10) & CHR(10),"</P><P> ")
            istr=Replace(istr,CHR(10),"<BR> ")
        Case 2
            ' Raw: no HTML processing
        Case 3
            istr=Replace(istr,CHR(13),"")
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,"<","&lt;")
            istr=Replace(istr,">","&gt;")
            istr=Replace(istr,CHR(34),"&quot;")
            istr=Replace(istr,CHR(39),"&#39;")
        Case Else
            ' Escape the HTML metacharacters first and only then insert the
            ' <P>/<BR> tags, so the inserted tags are not escaped themselves
            istr=Replace(istr,CHR(13),"")
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,"<","&lt;")
            istr=Replace(istr,">","&gt;")
            istr=Replace(istr,CHR(34),"&quot;")
            istr=Replace(istr,CHR(39),"&#39;")
            istr=Replace(istr,CHR(10) & CHR(10),"</P><P> ")
            istr=Replace(istr,CHR(10),"<BR> ")
    End Select
    ' Length limit is applied after escaping, so it counts the expanded entities
    istr=CutStr(istr,int_strlen,"")
    CheckStr=istr
End Function
'------------------------------------------------
' Purpose: truncate a string by display width
' Input: string; maximum length in bytes (a double-byte character counts as 2);
'        suffix appended when the string is cut
Function CutStr(str_str,int_strlen,str_addtrr)
    Dim k,i,c,n
    k=0
    n=Len(str_str)
    For i=1 To n
        ' Asc returns a negative value for a double-byte (DBCS) character,
        ' so Abs(...)>255 means the character occupies two bytes
        c=Abs(Asc(Mid(str_str,i,1)))
        If c>255 Then
            k=k+2
        Else
            k=k+1
        End If
        If k>=int_strlen Then Exit For
    Next
    ' Fixed: the original cut with Left(str_str,k), i.e. by byte count, which
    ' returns too many characters when double-byte characters are present, and
    ' appended the suffix even when nothing was cut. Cut at character index i
    ' and add the suffix only when characters were actually dropped.
    If i<n Then
        CutStr=Left(str_str,i)&str_addtrr
    Else
        CutStr=str_str
    End If
End Function
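The helpers above treat quote doubling and HTML escaping as the defence, which only holds as long as every value really is spliced into SQL text and every caller remembers to use them. The following handler is an added example, not code from the original post or from NB叶子: it shows CheckNum feeding a typed value into a query, and it passes the user's data through ADODB parameters rather than concatenation, so the database never parses that data as SQL. The include file name check.asp, the Application("ConnectionString") setting, and the articles table with id and title columns are assumptions made for the illustration.

```vbscript
' Added example (not part of the original post). Assumes the three helpers are
' saved as check.asp and pulled in with:
' <!-- #include file="check.asp" -->

' ADO constants, normally supplied by adovbs.inc; repeated here so the page
' is self-contained
Const adCmdText = 1
Const adInteger = 3
Const adVarChar = 200
Const adParamInput = 1

Dim articleId, keyword, conn, cmd, rs

' Numeric input: read ?id= from the query string (source 2) and clamp it to
' 1..2147483647. A non-numeric value falls back to 1 (the start number), so
' the result can go straight into an integer parameter.
articleId = CLng(CheckNum("id", 2, 1, 2147483647))

' String input: CheckStr doubles single quotes, which is only meaningful when
' the value is spliced into SQL text. With a parameter the database never
' parses the value as SQL, so a doubled quote would simply be searched for as
' two quotes. Keep the length limit, leave the quotes alone.
keyword = Left(Trim("" & Request.Form("q")), 50)

' Concatenated form the helpers were written for (shown, not executed here).
' Its safety rests entirely on the quote doubling and on CheckNum returning
' a number:
'   sql = "SELECT id,title FROM articles WHERE id=" & articleId & _
'         " AND title LIKE '%" & CheckStr("q",1,2,50) & "%'"

' Parameterised form: user data travels as typed parameters, not as SQL text.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnectionString")   ' assumed: set in global.asa

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id, title FROM articles WHERE id = ? AND title LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , articleId)
' Parameters stop injection, but % and _ inside keyword are still LIKE
' wildcards; escape them separately if that matters for the application.
cmd.Parameters.Append cmd.CreateParameter("kw", adVarChar, adParamInput, 60, "%" & keyword & "%")

Set rs = cmd.Execute

' HTML escaping belongs at output time, not in the SQL filter: encode whatever
' comes back from the database right before it is written into the page.
Do Until rs.EOF
    Response.Write Server.HTMLEncode("" & rs("title")) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
```

With this layout CheckNum still earns its keep (it guarantees an integer before the parameter is built), while CheckStr's HTML branches move to the output side as Server.HTMLEncode, which is where escaping for the browser belongs; the SQL-side quote doubling is simply not needed once the statement is parameterised.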