ASP最新防SQL注入函数

刚整理的最新的ASP最新防SQL注入函数，拿出来和大家分享一下 首先简单介绍一下 String 里的一个方法：replace() replace( string , find , replacewith, start , count , compare) 解释一下下： string:要执行操作的字符串 find:旧的字符串 replacewith: 新的字符串 start:替换的开始位置 ，默认是1 count:替换的次数，默认是-1，表示所有可能的替换 compare:规定所使用的字符串比较类型，默认是0 （一共两个值0,和1；0是二进制比 较，1是文本比较） ------------------------------------------------------------ function checkstr(str) if isnull(str) then checkstr="" exit function end if str = replace(str,chr(0),"", 1, －1, 1) str = replace(str, """", """, 1, －1, 1) str = replace(str,"<；","<；", 1, －1, 1) str = replace(str,">；",">；", 1, －1, 1) str = replace(str, "script", "script", 1, －1, 0) str = replace(str, "script", "script", 1, －1, 0) str = replace(str, "script", "script", 1, －1, 0) str = replace(str, "script", "script", 1, －1, 1) str = replace(str, "object", "object", 1, －1, 0) str = replace(str, "object", "object", 1, －1, 0) str = replace(str, "object", "object", 1, －1, 0) str = replace(str, "object", "object", 1, －1, 1) str = replace(str, "applet", "applet", 1, －1, 0) str = replace(str, "applet", "applet", 1, －1, 0) str = replace(str, "applet", "applet", 1, －1, 0) str = replace(str, "applet", "applet", 1, －1, 1) str = replace(str, "[", "[") str = replace(str, "]", "]") str = replace(str, """", "", 1, －1, 1) str = replace(str, "=", "=", 1, －1, 1) str = replace(str, "’", "’’", 1, －1, 1) str = replace(str, "select", "select", 1, －1, 1) str = replace(str, "execute", "execute", 1, －1, 1) str = replace(str, "exec", "exec", 1, －1, 1) str = replace(str, "join", "join", 1, －1, 1) str = replace(str, "union", "union", 1, －1, 1) str = replace(str, "where", "where", 1, －1, 1) str = replace(str, "insert", "insert", 1, －1, 1) str = replace(str, "delete", "delete", 1, －1, 1) str = replace(str, "update", "update", 1, －1, 1) str = replace(str, "like", "like", 1, －1, 1) str = replace(str, "drop", "drop", 1, －1, 1) str = replace(str, "create", "create", 1, －1, 1) str = replace(str, "rename", "rename", 1, －1, 1) str = replace(str, "count", "count", 1, －1, 1) str = replace(str, "chr", "chr", 1, －1, 1) str = replace(str, "mid", "mid", 1, －1, 1) str = replace(str, "truncate", "truncate", 1, －1, 1) str = replace(str, "nchar", "nchar", 1, －1, 1) str = replace(str, "char", "char", 1, －1, 1) str = replace(str, "alter", "alter", 1, －1, 1) str = replace(str, "cast", "cast", 1, －1, 1) str = replace(str, "exists", "exists", 1, －1, 1) str = replace(str,chr(13),"<；br>；", 1, －1, 1) checkstr = replace(str,"’","’’", 1, －1, 1) end function