过滤SQL非法字符并格式化html代码
来源:互联网 发布:js网易新闻滚动导航栏 编辑:程序博客网 时间:2024/05/04 21:30
加上SQL注入过滤代码,以前我也遇到过,再上以后就再也没有被注入过了!
我的过滤代码如下:
'过滤SQL非法字符并格式化html代码
function Replace_Text(fString)
Dim sqlIn,sqlinstr
if isnull(fString) then
Replace_Text=""
exit function
Else
sqlIn = "and|and%20|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|or%20"
sqlinstr=Split(sqlIn,"|")
For m=0 To ubound(sqlinstr)
If InStr(LCase(fString),sqlinstr(m))>0 Then
fString=lcase(trim(fString))
End If
Next
fString=replace(fString,"'","‘")
fString=replace(fString,";",";")
fString=replace(fString,"--","—")
fString=replace(fString,"and","")
fString=replace(fString,"exec","")
fString=replace(fString,"insert","")
fString=replace(fString,"select","")
fString=replace(fString,"delete","")
fString=replace(fString,"update","")
fString=replace(fString,"and","")
fString=replace(fString,"*","")
fString=replace(fString,"chr","")
fString=replace(fString,"mid","")
fString=replace(fString,"master","")
fString=replace(fString,"truncate","")
fString=replace(fString,"char","")
fString=replace(fString,"declare","")
fString=replace(fString,"create","")
fString=server.htmlencode(fString)
fString=replace(fString,"<sup><small>","<sup><small>")
fString=replace(fString,"</small></sup>","</small></sup>")
fString=replace(fString,"<sub><small>","<sub><small>")
fString=replace(fString,"</small></sub>","</small></sub>")
Replace_Text=fString
end if
end function
- ASP过滤SQL非法字符并格式化html代码
- 过滤SQL非法字符并格式化html代码
- 过滤非法字符 一
- 过滤非法字符 二
- 过滤非法字符 三
- asp过滤非法字符
- Filter过滤非法字符
- 过滤非法字符
- 过滤非法字符
- 过滤非法字符问题
- 过滤非法字符
- java过滤非法字符
- 过滤xml非法字符
- 过滤非法字符
- servlet过滤非法字符
- dom4j 非法字符过滤
- 过滤非法字符函数
- 过滤文件名非法字符
- Asp.net笔试题
- 年终总结
- Replace Array with Object(以对象取代数组)
- 如果文字过长,则将过长的部分变成省略号,鼠标指向时显示全部
- JSP、AJax中文乱码问题解决,escape(), encodeURI(), encodeURIComponent(),js对参数连续两次调用 encodeURI(String) 方法
- 过滤SQL非法字符并格式化html代码
- 最近的世界变化很快,我都快跟不上了
- 前日就医见闻
- 站点导航控件TreeView
- 字符串相关类(一)String 类
- NetBeans 时事通讯(刊号 # 42 - Jan 20, 2009)
- 211团咋就那么好唬呢
- 从实例谈面向对象编程(OOP)、工厂模式和重构作
- 自己的可笑事情
