<%
'******************************
'函数:CheckStr(byValChkStr)
'参数:ChkStr,待验证的字符
'作者:阿里西西
'日期:2007/7/15
'描述:对SQL注入危险字符进行重编码处理
'示例:CheckStr("and1=1orselect*from")
'******************************
FunctionCheckStr(byValChkStr)
DimStr:Str=ChkStr
Str=Trim(Str)
IfIsNull(Str)Then
CheckStr=""
ExitFunction
EndIf
Dimre
Setre=newRegExp
re.IgnoreCase=True
re.Global=True
re.Pattern="(rn){3,}"
Str=re.Replace(Str,"$1$1$1")
Setre=Nothing
Str=Replace(Str,"'","''")
Str=Replace(Str,"select","sel")
Str=Replace(Str,"join","jo")
Str=Replace(Str,"union","un")
Str=Replace(Str,"where","wh")
Str=Replace(Str,"insert","ins")
Str=Replace(Str,"delete","del")
Str=Replace(Str,"update","up")
Str=Replace(Str,"like","lik")
Str=Replace(Str,"drop","dro")
Str=Replace(Str,"create","cr")
Str=Replace(Str,"modify","mod")
Str=Replace(Str,"rename","ren")
Str=Replace(Str,"alter","alt")
Str=Replace(Str,"cast","ca")
CheckStr=Str
EndFunction
'反编上面函数处理过的字符串
FunctionUnCheckStr(Str)
Str=Replace(Str,"sel"select")
Str=Replace(Str,"jo")
Str=Replace(Str,"un"union")
Str=Replace(Str,"wh"where")
Str=Replace(Str,"ins"insert")
Str=Replace(Str,"del"delete")
Str=Replace(Str,"up"update")
Str=Replace(Str,"lik")
Str=Replace(Str,"dro")
Str=Replace(Str,"cr"create")
Str=Replace(Str,"mod"modify")
Str=Replace(Str,"ren"rename")
Str=Replace(Str,"alt"alter")
Str=Replace(Str,"ca")
UnCheckStr=Str
EndFunction
%>
【asp 实现对SQL注入危险字符进行重编码处理的函数】相关文章: