您所在的位置:小祥子 » 编程 » ASP » 正文

ASP过滤不安全字符串代码

时间:2015-02-12 编辑:本站 来源:本站原创

这里收集了一些常用的SQL语句中的不安全字符,也就是用户在提交数据的时候,可以用这个函数。这个函数只会将不安全的字符串替换掉。

使用方法 CheckStr(用户提交的数据)

Function CheckStr(str)
 CheckStr=replace(replace(replace(replace(str,"<","<"),">",">"),chr(13),"")," ","")
 CheckStr=replace(replace(replace(replace(CheckStr,"'",""),"and",""),"insert",""),"set","")
 CheckStr=replace(replace(replace(replace(CheckStr,"select",""),"update",""),"delete",""),chr(34),"")
 CheckStr=replace(replace(replace(replace(CheckStr,"*",""),"=",""),"mid",""),"count","")
 CheckStr=replace(replace(replace(replace(CheckStr,"%",""),",",""),"union",""),"where","")
 CheckStr=replace(replace(replace(replace(replace(CheckStr,"(",""),")",""),Chr(0),""),"+",""),";","")
end Function

关键词:过滤 安全 字符串