主要代码如下:
function POP_sqlin(text)
if isnull(text) then
POP_sqlin=""
exit function
end if
dim Sqlwords
Set Sqlwords=new RegExp
Sqlwords.IgnoreCase =True
Sqlwords.Global=True
Sqlwords.Pattern="(')"
text=Sqlwords.Replace(text,"''")
Sqlwords.Pattern="(;)"
text=Sqlwords.Replace(text,";")
Sqlwords.Pattern="(%)"
text=Sqlwords.Replace(text,"%")
Sqlwords.Pattern="(and)"
text=Sqlwords.Replace(text,"and")
Sqlwords.Pattern="(exec)"
text=Sqlwords.Replace(text,"exec")
Sqlwords.Pattern="(execute)"
text=Sqlwords.Replace(text,"execute")
Sqlwords.Pattern="(insert)"
text=Sqlwords.Replace(text,"insert")
Sqlwords.Pattern="(select)"
text=Sqlwords.Replace(text,"select")
Sqlwords.Pattern="(delete)"
text=Sqlwords.Replace(text,"delete")
Sqlwords.Pattern="(update)"
text=Sqlwords.Replace(text,"update")
Sqlwords.Pattern="(count)"
text=Sqlwords.Replace(text,"count")
Sqlwords.Pattern="(chr)"
text=Sqlwords.Replace(text,"chr")
Sqlwords.Pattern="(mid)"
text=Sqlwords.Replace(text,"mid")
Sqlwords.Pattern="(master)"
text=Sqlwords.Replace(text,"master")
Sqlwords.Pattern="(truncate)"
text=Sqlwords.Replace(text,"truncate")
Sqlwords.Pattern="(char)"
text=Sqlwords.Replace(text,"char")
Sqlwords.Pattern="(declare)"
text=Sqlwords.Replace(text,"declare")
Set Sqlwords=Nothing
POP_sqlin = text
end function
function POP_sqlout(text)
if isnull(text) then
POP_sqlout=""
exit function
end if
text = Replace(text,"''","'")
text = Replace(text,";",";")
text = Replace(text,"%","%")
text = Replace(text,"and","and")
text = Replace(text,"exec","exec")
text = Replace(text,"execute","execute")
text = Replace(text,"insert","insert")
text = Replace(text,"select","select")
text = Replace(text,"delete","delete")
text = Replace(text,"update","update")
text = Replace(text,"count","count")
text = Replace(text,"chr","chr")
text = Replace(text,"mid","mid")
text = Replace(text,"master","master")
text = Replace(text,"truncate","truncate")
text = Replace(text,"char","char")
text = Replace(text,"declare","declare")
POP_sqlout = text
end function
function HTMLEncode(popstring)
if not isnull(popstring) then
popstring = POP_sqlout(popstring)
popstring = replace(popstring, ">", ">")
popstring = replace(popstring, "<", "<")
popstring = Replace(popstring, CHR(32), " ")
popstring = Replace(popstring, CHR(9), " ")
popstring = Replace(popstring, CHR(34), """)
popstring = Replace(popstring, CHR(39), "'")
popstring = Replace(popstring, CHR(10) & CHR(10), "</p><p> ")
popstring = Replace(popstring, CHR(10), "<br /> ")
popstring = Replace(popstring, CHR(36), "$")
HTMLEncode = popstring
end if
end function
使用方法:
把需要过滤的提交信息改为POP_sqlin(提交的信息)即可
在需要把信息还原时改为:Htmlencode(提交的信息)即可
站点统计
- 文章总数:180
- 评论总数:533
- 引用总数:1
- 浏览总数:570962
- 留言总数:85
- 当前主题:MsnSpace
- 当前样式:MsnSpace
站内搜索
文章归档
- 2008 November (3)
- 2008 October (4)
- 2008 September (1)
- 2008 August (2)
- 2008 July (4)
- 2008 June (3)
- 2008 May (4)
- 2008 April (8)
- 2008 March (4)
- 2008 February (3)
- 2008 January (3)
- 2007 December (7)
- 2007 November (13)
- 2007 October (8)
- 2007 September (1)
- 2007 August (6)
- 2007 July (6)
- 2007 June (5)
- 2007 May (2)
- 2007 April (2)
- 2007 March (2)
- 2007 February (6)
- 2007 January (1)
- 2006 December (4)
- 2006 November (4)
- 2006 October (8)
- 2006 September (2)
- 2006 August (3)
- 2006 July (6)
- 2006 June (15)
- 2006 May (2)
- 2006 April (6)
- 2006 March (8)
- 2006 February (2)
- 2006 January (2)
- 2005 December (3)
- 2005 November (3)
- 2005 October (6)
- 2005 September (8)
ASP中过滤SQL字符
作者:Erentan 时间:2006年2月27日
Tags: ASP SQL
- 相关文章:
一个空间绑定多域名的ASP代码 (2005-12-8 22:20:10)
ASP编程易犯的一个致命程序问题及解决办法 (2005-9-22 22:59:7)
ASP数据库简单操作教程浅析 (2005-9-22 21:26:53)
ASP做网页时需要注意的 (2005-9-20 21:16:27)
ASP六大对象全面讲解 (2005-9-19 15:11:6)
◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。