SafeCheck: an ASP security check and filtering function


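'Purpose: safe string checking function
'Name: SafeCheck
'Parameters: CheckString, CheckType, CheckLength
'Description:
'CheckString - the string to check: any characters.
'CheckType - check type: 0 normal short string, 1 number, 2 date, 3 money, 4 HTML encode, 5 HTML decode, 6 login string, 7 anti-attack check
'CheckLength - length for the check type: an int; for money it is the position of the decimal point
'(for dates the code below uses it as a format selector: 0 short date, 1 long date, 2 unchanged)
'Return value: if the check passes, returns the correct string;
'if it fails, returns the error code SYSTEM_ERROR|ERROR_CODE
'Script written by: SnowDu (杜雪.NET)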
'Web:http://www.snsites.com/
'Web:http://www.domain.com/
'-------------------------------------------
function SafeCheck(CheckString,CheckType,CheckLength)
On Error Resume Next
ErrorRoot="SYSTEM_ERROR|"
if checkString="" then
SafeCheck=ErrorRoot&"00001"
exit function
end if
'Encode single quotes as the HTML entity &#39; before any type-specific check
CheckString=Replace(CheckString,"'","&#39;")
select case CheckType
case 0
CheckString=trim(CheckString)
SafeCheck=Left(CheckString,CheckLength)
case 1
if not IsNumeric(CheckString) then
 SafeCheck=ErrorRoot&"00002"
 exit function
else
 SafeCheck=Left(CheckString,CheckLength)
end if
case 2
tempVar=IsDate(CheckString)
if Not TempVar then
 SafeCheck=ErrorRoot&"00003"
 exit function
else
 select case CheckLength
 case 0
  SafeCheck=FormatDateTime(CheckString,vbShortDate)
 case 1
  SafeCheck=FormatDateTime(CheckString,vbLongDate)
 case 2
  SafeCheck=CheckString
 end select
end if
case 3
'Clear any earlier error so the Err test below reflects FormatCurrency only
Err.Clear
tempVar=FormatCurrency(CheckString,0)
if Err then
 SafeCheck=ErrorRoot&"00004"
 exit function
else
 SafeCheck=FormatCurrency(CheckString,CheckLength)
end if
case 4
sTemp = CheckString
If IsNull(sTemp) = True Then
 SafeCheck=ErrorRoot&"00005"
 Exit Function
End If
'Encode & first so the entities added below are not encoded a second time
sTemp = Replace(sTemp, "&", "&amp;")
sTemp = Replace(sTemp, "<", "&lt;")
sTemp = Replace(sTemp, ">", "&gt;")
sTemp = Replace(sTemp, Chr(34), "&quot;")
sTemp = Replace(sTemp, Chr(10), "<br>")
SafeCheck = Left(sTemp,CheckLength)
case 5
sTemp = CheckString
If IsNull(sTemp) = True Then
 SafeCheck=ErrorRoot&"00006"
 Exit Function
End If
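'Undo the type 4 replacements in reverse order; &amp; goes last so that
'text such as &amp;lt; decodes to &lt; and not to <
sTemp = Replace(sTemp, "<br>",Chr(10))
sTemp = Replace(sTemp, "&quot;", Chr(34))
sTemp = Replace(sTemp, "&gt;", ">")
sTemp = Replace(sTemp, "&lt;", "<")
sTemp = Replace(sTemp, "&amp;", "&")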
SafeCheck = Left(sTemp,CheckLength)
case 6
s_BadStr = "'  &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
n = Len(s_BadStr)
IsSafeStr = True
For i = 1 To n
 If Instr(CheckString, Mid(s_BadStr, i, 1)) > 0 Then
  IsSafeStr = False
 End If
Next
if IsSafeStr then
 SafeCheck=left(CheckString,CheckLength)
else
 SafeCheck=ErrorRoot&"00007"
 Exit Function
end if
case 7
s_Filter="net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
S_Filter=S_Filter&"insert|delete|drop|truncate|from|%|declare|-"
S_Filters=split(S_Filter,"|")
isFound=false
'Loop to UBound inclusive so the last filter entry ("-") is also checked
for i=0 to ubound(S_Filters)
 if Instr(lcase(CheckString),lcase(S_Filters(i)))<>0 then
  isFound=true
  exit for
 end if
next
if isFound then
 SafeCheck=ErrorRoot&"00008"
 Exit Function
else
 SafeCheck=left(CheckString,CheckLength)
end if
end select
end function
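
An added example (not from the original script) of calling SafeCheck, detecting its in-band SYSTEM_ERROR| return, and then passing the checked value to the database as a bound parameter instead of relying on the type 7 keyword filter. It assumes the SafeCheck function above is included in the same page; `conn` (an open ADODB.Connection), the `users` table, its columns and the 20-character limit are hypothetical.

```vbscript
<%
' Added example, not part of the original script. Assumes SafeCheck (above)
' is included in this page. conn, the users table and its columns are
' hypothetical names.
' ADO constants: omit these three if adovbs.inc is already included.
Const adVarWChar = 202    ' DataTypeEnum
Const adParamInput = 1    ' ParameterDirectionEnum
Const adCmdText = 1       ' CommandTypeEnum
Const MAX_LOGIN_LEN = 20  ' constructed limit for this example
Const SAFECHECK_ERR = "SYSTEM_ERROR|"

' True when SafeCheck returned SYSTEM_ERROR|ERROR_CODE instead of a value.
Function IsSafeCheckError(result)
    IsSafeCheckError = (Left(CStr(result), Len(SAFECHECK_ERR)) = SAFECHECK_ERR)
End Function

' Returns a Recordset for the login name, or Nothing if validation fails.
Function FindUserByLogin(conn, rawLogin)
    Dim login, cmd
    Set FindUserByLogin = Nothing

    ' SafeCheck truncates with Left() instead of rejecting long input,
    ' so enforce the length limit before calling it.
    If IsNull(rawLogin) Then Exit Function
    If Len(rawLogin) > MAX_LOGIN_LEN Then Exit Function

    login = SafeCheck(rawLogin, 6, MAX_LOGIN_LEN)   ' type 6: login string
    If IsSafeCheckError(login) Then Exit Function

    ' Bind the value as a parameter; the SQL text never contains user input.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT id, login FROM users WHERE login = ?"
    cmd.Parameters.Append cmd.CreateParameter("login", adVarWChar, adParamInput, MAX_LOGIN_LEN, login)
    Set FindUserByLogin = cmd.Execute
End Function
%>
```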


