应用开发 订阅所有【应用开发】的日志

ASP过滤SQL非法字符并格式化html代码

作者:wang 日期:2009-10-13

字体大小:
<%
function changechr(str)
changechr=replace(replace(replace(replace(str,"<","<"),">",">"),chr(13),"
")," "," ")
changechr=replace(replace(replace(replace(changechr,"[sayyes]","
",""),"[red]",""),"[big]","")
changechr=replace(replace(replace(replace(changechr,"[/sayyes]",">
"),"",""),"[/red]",""),"[/big]","")
end function

'过滤SQL非法字符并格式化html代码
function Replace_Text(fString)
if isnull(fString) then
Replace_Text=""
exit function
else
fString=trim(fString)
fString=replace(fString,"'","''")
fString=replace(fString,";",";")
fString=replace(fString,"--","—")
fString=server.htmlencode(fString)
Replace_Text=fString
end if
end function

'会员发布的各种信息过滤
'Function Replace_Text(fString)
'If Not IsNull(fString) Then
'fString = trim(fString)
'fString = replace(fString, ";", ";")     '分号过滤
'fString = replace(fString, "--", "——") '--过滤
'fString = replace(fString, "%20", "")    '特殊字符过滤
'fString = replace(fString, "==", "")     '==过滤
'fString = replace(fString, ">", ">")
'fString = replace(fString, "<", "<")
'fString = Replace(fString, CHR(32), " ")   ' 
'fString = Replace(fString, CHR(9), " ")    ' 
'fString = Replace(fString, CHR(34), """)
'fString = Replace(fString, CHR(39), "'") '单引号过滤
'fString = Replace(fString, CHR(13), "")
'fString = Replace(fString, CHR(10) & CHR(10), "

")
'fString = Replace(fString, CHR(10), "
")
'Replace_Text = fString
'End If
'End Function

'过滤SQL非法字符
Function checkStr(Chkstr)
dim Str:Str=Chkstr
if isnull(Str) then
   checkStr = ""
   exit Function
else
   Str=replace(Str,"'","")
   Str=replace(Str,";","")
   Str=replace(Str,"--","")
   checkStr=Str
end if
End Function

'检测传递的参数是否为数字型
Function Chkrequest(Para)
Chkrequest=False
If Not (IsNull(Para) or Trim(Para)="" or Not IsNumeric(Para)) Then
    Chkrequest=True
End If
End Function

'检测传递的参数是否为日期型
Function Chkrequestdate(Para)
Chkrequestdate=False
If Not (IsNull(Para) or Trim(Para)="" or Not IsDate(Para)) Then
    Chkrequestdate=True
End If
End Function

'得到当前页面的地址
Function GetUrl()
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & CheckStr(Trim(Request.QueryString))
GetUrl = strTemp
End Function

'Function CheckReferer()   '检查用户是否在浏览器里输入了本页的地址
'     Dim sReferer, Icheck
'     CheckReferer = True
'     sReferer = Request.ServerVariables("HTTP_REFERER")
'     ServerIP = Request.ServerVariables("LOCAL_ADDR")
'     Icheck = InStr(sReferer, "ServerIP")
'     If Icheck = 0 Then
'     CheckReferer = False
'     End If
'End Function

'日期格式化
Function FormatDate(DT,tp)
dim Y,M,D
Y=Year(DT)
M=month(DT)
D=Day(DT)
if M<10 then M="0"&M
if D<10 then D="0"&D
select case tp
case 1 FormatDate=Y&"年"&M&"月"&D&"日"
case 2 FormatDate=Y&"-"&M&"-"&D
end select
End Function

'不允许外部提交数据的选择
Function ChkPost()
     dim HTTP_REFERER,SERVER_NAME
dim server_v1,server_v2
chkpost=false
     SERVER_NAME=CheckStr(Request.ServerVariables("SERVER_NAME"))
HTTP_REFERER=CheckStr(Request.ServerVariables("HTTP_REFERER"))
server_v1=Cstr(HTTP_REFERER)
server_v2=Cstr(SERVER_NAME)
if mid(server_v1,8,len(server_v2))<>server_v2 then
   chkpost=false
else
   chkpost=true
end if
End Function

'构造上传图片文件名随机数
function MakedownName()
dim fname
fname = now()
fname = replace(fname,"-","")
fname = replace(fname," ","")
fname = replace(fname,":","")
fname = replace(fname,"PM","")
fname = replace(fname,"AM","")
fname = replace(fname,"上午","")
fname = replace(fname,"下午","")
fname = int(fname) + int((10-1+1)*Rnd + 1)
MakedownName=fname
end function

'Email检测
function IsValidEmail(email)
dim names, name, i, c
IsValidEmail = true
names = Split(email, "@")
if UBound(names) <> 1 then
    IsValidEmail = false
    exit function
end if
for each name in names
    if Len(name) <= 0 then
      IsValidEmail = false
      exit function
    end if
    for i = 1 to Len(name)
      c = Lcase(Mid(name, i, 1))
      if InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 and not IsNumeric(c) then
        IsValidEmail = false
        exit function
      end if
    next
    if Left(name, 1) = "." or Right(name, 1) = "." then
       IsValidEmail = false
       exit function
    end if
next
if InStr(names(1), ".") <= 0 then
    IsValidEmail = false
    exit function
end if
i = Len(names(1)) - InStrRev(names(1), ".")
if i <> 2 and i <> 3 then
    IsValidEmail = false
    exit function
end if
if InStr(email, "..") > 0 then
    IsValidEmail = false
end if
end function


上一篇: ASP汉字编码互转
下一篇: ASP过滤SQL非法字符并格式化html
文章来自: 本站原创
引用通告: 查看所有引用 | 我要引用此文章
Tags:
相关日志:
评论: 0 | 引用: 0 | 查看次数: 2441
发表评论
昵 称:
密 码: 游客发言不需要密码.
邮 箱: 邮件地址支持Gravatar头像,邮箱地址不会公开.
网 址: 输入网址便于回访.
内 容:
验证码:
选 项:
虽然发表评论不用注册,但是为了保护您的发言权,建议您注册帐号.
字数限制 300 字 | UBB代码 开启 | [img]标签 关闭