asp下过滤非法的SQL字符的函数代码


            复制代码 代码如下:'************************************************** '函数名：R '作 用：过滤非法的SQL字符 '参 数：strChar-----要过滤的字符 '返回值：过滤后的字符 '************************************************** Public Function R(strChar) If strChar = "" Or IsNull(strChar) Then R = "":Exit Function Dim strBadChar, arrBadChar, tempChar, I 'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & "" strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & "" arrBadChar = Split(strBadChar, ",") tempChar = strChar For I = 0 To UBound(arrBadChar) tempChar = Replace(tempChar, arrBadChar(I), "") Next tempChar = Replace(tempChar, "@@", "@") R = tempChar End Function '过滤xss Function CheckXSS(ByVal strCode) Dim Re Set re=new RegExp re.IgnoreCase =True re.Global=True re.Pattern="<.[^>]*(style).>" strCode = re.Replace(strCode, "") re.Pattern="<(a.[^>]*|\/a|li|br|B|\/li|\/B|font.[^>]*|\/font)>" strCode=re.Replace(strCode,"[$1]") strCode=Replace(Replace(strCode, "<", "<"), ">", ">") re.Pattern="\[(a.[^\]]*|\/a|li|br|B|\/li|\/B|font.[^\]]*|\/font)\]" strCode=re.Replace(strCode,"<$1>") re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>" strCode = re.Replace(strCode, "") Set Re=Nothing CheckXSS=strCode End Function Function FilterIDs(byval strIDs) Dim arrIDs,i,strReturn strIDs=Trim(strIDs) If Len(strIDs)=0 Then Exit Function arrIDs=Split(strIDs,",") For i=0 To Ubound(arrIds) If ChkClng(Trim(arrIDs(i)))<>0 Then strReturn=strReturn & "," & Int(arrIDs(i)) End If Next If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1) FilterIDs=strReturn End Function