-
<%
-
'******************************
-
'函数:CheckStr(byVal ChkStr)
-
'参数:ChkStr,待验证的字符
-
'作者:阿里西西
-
'日期:2007/7/15
-
'描述:对SQL注入危险字符进行重编码处理
-
'示例:CheckStr("and 1=1 or select * from")
-
'******************************
-
Function CheckStr(byVal ChkStr)
-
Dim Str:Str=ChkStr
-
Str=Trim(Str)
-
If IsNull(Str) Then
-
CheckStr = ""
-
Exit Function
-
End If
-
Dim re
-
Set re=new RegExp
-
re.IgnoreCase =True
-
re.Global=True
-
re.Pattern="(\r\n){3,}"
-
Str=re.Replace(Str,"$1$1$1")
-
Set re=Nothing
-
Str = Replace(Str,"'","''")
-
Str = Replace(Str, "select", "select")
-
Str = Replace(Str, "join", "join")
-
Str = Replace(Str, "union", "union")
-
Str = Replace(Str, "where", "where")
-
Str = Replace(Str, "insert", "insert")
-
Str = Replace(Str, "delete", "delete")
-
Str = Replace(Str, "update", "update")
-
Str = Replace(Str, "like", "like")
-
Str = Replace(Str, "drop", "drop")
-
Str = Replace(Str, "create", "create")
-
Str = Replace(Str, "modify", "modify")
-
Str = Replace(Str, "rename", "rename")
-
Str = Replace(Str, "alter", "alter")
-
Str = Replace(Str, "cast", "cast")
-
CheckStr=Str
-
End Function
-
-
'反编上面函数处理过的字符串
-
-
Function UnCheckStr(Str)
-
Str = Replace(Str, "select", "select")
-
Str = Replace(Str, "join", "join")
-
Str = Replace(Str, "union", "union")
-
Str = Replace(Str, "where", "where")
-
Str = Replace(Str, "insert", "insert")
-
Str = Replace(Str, "delete", "delete")
-
Str = Replace(Str, "update", "update")
-
Str = Replace(Str, "like", "like")
-
Str = Replace(Str, "drop", "drop")
-
Str = Replace(Str, "create", "create")
-
Str = Replace(Str, "modify", "modify")
-
Str = Replace(Str, "rename", "rename")
-
Str = Replace(Str, "alter", "alter")
-
Str = Replace(Str, "cast", "cast")
-
UnCheckStr=Str
-
End Function
-
%>