防SQL注入函數
程序代碼:
函數部分========================================================================

'------------------------------------------------

'用途:檢查是否為數字,以及數字是否超出范圍

'輸入:檢查字符,傳值方式(0直接傳,1取Form,2取QueryString,3取Cookies,4直接Request),開始數字(默認數字),結束數字(為-1則不檢查大小)

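Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
    ' Purpose: read a value and coerce it to a number, optionally clamped to
    ' the range [int_startnum, int_endnum].
    '
    ' Parameters:
    '   str_str      - the value itself (int_quest = 0 or any other value not
    '                  listed below) or the name of the request field to read.
    '   int_quest    - 1 = Request.Form, 2 = Request.QueryString,
    '                  3 = Request.Cookies, 4 = Request (any collection).
    '   int_startnum - lower bound; also the value returned when the input is
    '                  not numeric.
    '   int_endnum   - upper bound; when it is -1 (or lower) no range check is
    '                  done at all, so the lower bound is not enforced either.
    '
    ' Returns: a Double (CDbl), so fractional, negative and exponent inputs
    ' that IsNumeric accepts are returned as such.
    ' NOTE(review): a caller that concatenates the result into SQL as an
    ' integer id should still convert it (e.g. CLng) or bind it as a command
    ' parameter; the Double is rendered with the server locale's formatting.
    Dim mystr, istr, iNum

    mystr = Trim(str_str)

    Select Case int_quest
        Case 1
            istr = Request.Form(mystr)
        Case 2
            istr = Request.QueryString(mystr)
        Case 3
            ' The published listing read "CookIEs"; the ASP collection is Cookies.
            istr = Request.Cookies(mystr)
        Case 4
            istr = Request(mystr)
        Case Else
            istr = mystr
    End Select

    ' Cap the length before parsing so an oversized field is never handed to
    ' IsNumeric/CDbl; "" & also turns a missing field into an empty string.
    istr = Left("" & istr, 32)

    If IsNumeric(istr) Then
        iNum = CDbl(istr)
    Else
        iNum = int_startnum
    End If

    If int_endnum > -1 Then
        ' The lower-bound line was swallowed by the page's HTML rendering (only
        ' "If iNum" survived before the upper-bound test); it is restored here
        ' from the documented meaning of int_startnum.
        If iNum < int_startnum Then iNum = int_startnum
        If iNum > int_endnum Then iNum = int_endnum
    End If

    CheckNum = iNum
End Function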

'------------------------------------------------

'用途:檢查過濾字符串

'輸入:字符串,傳值方式(0直接傳,1取Form,2取QueryString,3取Cookies,4直接Request),檢查方式(1不過濾html,2純html,3標題過濾,4其他Html過濾),字符段截取長度

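Function CheckStr(str_str,int_quest,int_type,int_strlen)
    ' Purpose: read a string, apply the HTML handling selected by int_type,
    ' double single quotes for use inside a quoted SQL string literal, and
    ' truncate the result with CutStr.
    '
    ' Parameters:
    '   str_str    - the value itself (int_quest = 0 or any other value not
    '                listed below) or the name of the request field to read.
    '   int_quest  - 1 = Request.Form, 2 = Request.QueryString,
    '                3 = Request.Cookies, 4 = Request (any collection).
    '   int_type   - 1 = keep HTML, only convert whitespace and line breaks;
    '                2 = keep the text as it is;
    '                3 = title: encode HTML characters, drop line breaks;
    '                other = encode HTML characters and convert line breaks.
    '   int_strlen - length limit passed to CutStr.
    '
    ' Security notes:
    '   * Modes 1 and 2 leave < and > untouched. Their output is raw HTML and
    '     must not be echoed into a page when the input comes from a visitor.
    '   * Quote doubling only protects a value placed between single quotes in
    '     the SQL text. It does nothing for numeric or identifier positions
    '     (use CheckNum there); a parameterized ADODB.Command avoids the need
    '     for string escaping altogether.
    '   * "&" is not encoded, so entities already present in the input are kept.
    '
    ' The entity literals below were reconstructed: the published listing had
    ' been HTML-decoded ("&lt;" shown as "<", "&quot;" as a bare quote that
    ' breaks the string literal, the line-break tags shown as real line
    ' breaks). NOTE(review): "<br>" / "<br><br>" are the assumed line-break
    ' replacements - confirm against the original file.
    Dim mystr, istr, tail

    mystr = str_str

    Select Case int_quest
        Case 1
            istr = Request.Form(mystr)
        Case 2
            istr = Request.QueryString(mystr)
        Case 3
            ' The published listing read "CookIEs"; the ASP collection is Cookies.
            istr = Request.Cookies(mystr)
        Case 4
            istr = Request(mystr)
        Case Else
            istr = mystr
    End Select

    ' "" & turns a missing field (Empty/Null) into an empty string.
    istr = "" & Trim(istr)

    Select Case int_type
        Case 1
            istr = Replace(istr, Chr(32), "&nbsp;")
            istr = Replace(istr, Chr(9), "&nbsp;")
            istr = Replace(istr, Chr(10) & Chr(10), "<br><br>")
            istr = Replace(istr, Chr(10), "<br>")
            istr = Replace(istr, Chr(13), "")
        Case 2
            ' Pass-through: the text is stored exactly as received.
        Case 3
            istr = Replace(istr, Chr(32), "&nbsp;")
            istr = Replace(istr, Chr(9), "&nbsp;")
            istr = Replace(istr, Chr(13), "")
            istr = Replace(istr, "<", "&lt;")
            istr = Replace(istr, ">", "&gt;")
            istr = Replace(istr, Chr(34), "&quot;")
            istr = Replace(istr, Chr(39), "&#39;")
        Case Else
            istr = Replace(istr, Chr(32), "&nbsp;")
            istr = Replace(istr, Chr(9), "&nbsp;")
            istr = Replace(istr, Chr(10) & Chr(10), "<br><br>")
            istr = Replace(istr, Chr(10), "<br>")
            istr = Replace(istr, Chr(13), "")
            istr = Replace(istr, "<", "&lt;")
            istr = Replace(istr, ">", "&gt;")
            istr = Replace(istr, Chr(34), "&quot;")
            istr = Replace(istr, Chr(39), "&#39;")
    End Select
    ' The listing also replaced " " with " " in modes 3 and other; as shown
    ' that is a no-op after the Chr(32) replacement, so it is left out.

    ' Quote doubling runs after the HTML stage. Run before it (as the listing
    ' did), a single apostrophe came out as "&#39;&#39;" in the encoding
    ' modes; here those modes have no raw quote left and only modes 1 and 2
    ' are affected.
    istr = Replace(istr, "'", "''")

    istr = CutStr(istr, int_strlen, "")

    ' Truncation can cut a doubled quote in half and leave one unpaired quote
    ' at the very end, which would undo the escaping above. Every quote run is
    ' even before the cut, so only the final run can be odd: drop one quote.
    tail = 0
    Do While tail < Len(istr)
        If Mid(istr, Len(istr) - tail, 1) <> "'" Then Exit Do
        tail = tail + 1
    Loop
    If tail Mod 2 = 1 Then istr = Left(istr, Len(istr) - 1)

    CheckStr = istr
End Function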

'------------------------------------------------

'用途:截取字符串
'輸入:字符串,字符段截取長度,超過部分字符

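Function CutStr(str_str,int_strlen,str_addtrr)
    ' Purpose: truncate a string to a display width, counting a character
    ' whose Abs(Asc()) code is above 255 as width 2 and any other as width 1.
    '
    ' Parameters:
    '   str_str    - text to truncate (Null/Empty is treated as "").
    '   int_strlen - width limit; the character that reaches or crosses the
    '                limit is still kept, as in the original loop.
    '   str_addtrr - suffix appended only when something was actually cut off.
    '
    ' Fixes over the published listing:
    '   * it passed the accumulated width to Left(), which counts characters,
    '     so text with wide characters was cut far later than the limit;
    '   * it appended str_addtrr even when the text already fit;
    '   * the loop variable c was never declared and leaked into global scope.
    Dim i, c, width, keep, src

    src = "" & str_str
    width = 0
    keep = Len(src)

    For i = 1 To Len(src)
        c = Abs(Asc(Mid(src, i, 1)))
        If c > 255 Then
            width = width + 2
        Else
            width = width + 1
        End If
        If width >= int_strlen Then
            ' Remember the character position, not the width.
            keep = i
            Exit For
        End If
    Next

    If keep < Len(src) Then
        CutStr = Left(src, keep) & str_addtrr
    Else
        CutStr = src
    End If
End Function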