<% '****************************** '函数：CheckStr(byVal ChkStr) '参数：ChkStr,待验证的字符 '作者：阿里西西 '日期：2007/7/15 '描述：对SQL注入危险字符进行重编码处理 '示例：CheckStr("and 1=1 or select * from") '****************************** Function CheckStr(byVal ChkStr) Dim Str:Str=ChkStr Str=Trim(Str) If IsNull(Str) Then CheckStr = "" Exit Function End If Dim re Set re=new RegExp re.IgnoreCase =True re.Global=True re.Pattern="(rn){3,}" Str=re.Replace(Str,"$1$1$1") Set re=Nothing Str = Replace(Str,"'","''") Str = Replace(Str, "select", "select") Str = Replace(Str, "join", "join") Str = Replace(Str, "union", "union") Str = Replace(Str, "where", "where") Str = Replace(Str, "insert", "insert") Str = Replace(Str, "delete", "delete") Str = Replace(Str, "update", "update") Str = Replace(Str, "like", "like") Str = Replace(Str, "drop", "drop") Str = Replace(Str, "create", "create") Str = Replace(Str, "modify", "modify") Str = Replace(Str, "rename", "rename") Str = Replace(Str, "alter", "alter") Str = Replace(Str, "cast", "cast") CheckStr=Str End Function '反编上面函数处理过的字符串 Function UnCheckStr(Str) Str = Replace(Str, "select", "select") Str = Replace(Str, "join", "join") Str = Replace(Str, "union", "union") Str = Replace(Str, "where", "where") Str = Replace(Str, "insert", "insert") Str = Replace(Str, "delete", "delete") Str = Replace(Str, "update", "update") Str = Replace(Str, "like", "like") Str = Replace(Str, "drop", "drop") Str = Replace(Str, "create", "create") Str = Replace(Str, "modify", "modify") Str = Replace(Str, "rename", "rename") Str = Replace(Str, "alter", "alter") Str = Replace(Str, "cast", "cast") UnCheckStr=Str End Function %>

　　推荐阅读

　　asp重定向页面的方法总结

返回上一页，一般用在判断信息提交是否完全之后<% '****************************** '函数：GoBack() '参数：无 '作者：阿里西西 '日期：2007/7/13 '描述：返回上一页，一般用在判断信息提交是否完全之后 '示例：<>>>详细阅读

本文标题：asp 实现对SQL注入危险字符进行重编码处理的函数

地址：http://www.17bianji.com/kaifa2/ASP/32482.html

 1/2    1