asp 实现对SQL注入危险字符进行重编码处理的函数


<%
'******************************
'函数:CheckStr(byVal ChkStr)
'参数:ChkStr,待验证的字符
'作者:阿里西西
'日期:2007/7/15
'描述:对SQL注入危险字符进行重编码处理
'示例:CheckStr("and 1=1 or select * from")
'******************************
Function CheckStr(byVal ChkStr)
Dim Str:Str=ChkStr
Str=Trim(Str)
If IsNull(Str) Then
CheckStr = ""
Exit Function
End If
Dim re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern="(\r\n){3,}"
Str=re.Replace(Str,"$1$1$1")
Set re=Nothing
Str = Replace(Str,"'","''")
Str = Replace(Str, "select", "select")
Str = Replace(Str, "join", "join")
Str = Replace(Str, "union", "union")
Str = Replace(Str, "where", "where")
Str = Replace(Str, "insert", "insert")
Str = Replace(Str, "delete", "delete")
Str = Replace(Str, "update", "update")
Str = Replace(Str, "like", "like")
Str = Replace(Str, "drop", "drop")
Str = Replace(Str, "create", "create")
Str = Replace(Str, "modify", "modify")
Str = Replace(Str, "rename", "rename")
Str = Replace(Str, "alter", "alter")
Str = Replace(Str, "cast", "cast")
CheckStr=Str
End Function

'反编上面函数处理过的字符串

Function UnCheckStr(Str)
Str = Replace(Str, "select", "select")
Str = Replace(Str, "join", "join")
Str = Replace(Str, "union", "union")
Str = Replace(Str, "where", "where")
Str = Replace(Str, "insert", "insert")
Str = Replace(Str, "delete", "delete")
Str = Replace(Str, "update", "update")
Str = Replace(Str, "like", "like")
Str = Replace(Str, "drop", "drop")
Str = Replace(Str, "create", "create")
Str = Replace(Str, "modify", "modify")
Str = Replace(Str, "rename", "rename")
Str = Replace(Str, "alter", "alter")
Str = Replace(Str, "cast", "cast")
UnCheckStr=Str
End Function
%>



相关阅读:
用户体验第一 font-size放弃px选择em
简单学习认识HTML5标签
ASP.NET程序防范SQL注入式攻击的方法
PHP下10件你也许并不了解的事情
CSS实现样式布局实用技巧大集合
ASP.NET编译执行常见错误及解决方法汇总
Ubuntu的虚拟控制台实现中文
Oracle用户权限分配方法介绍
解密效果
php动态生成JavaScript代码
HTML 基本语法
从三方面加速CSS样式作用网页速度
JS URL传中文参数引发的乱码问题
php面向对象全攻略 (九)访问类型
快速导航

Copyright © 2016 phpStudy | 皖ICP备18014864号-4