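' HTML-encode a string before it is written to the database, so the stored
' text can later be emitted into a page without further escaping.
'   str : the raw text (typically user input); Null yields "".
' Returns the encoded string.
'
' The entity replacements must be the literal strings "&amp;", "&lt;",
' "&gt;" and "&quot;" (a rendered copy of this snippet had them decoded,
' which turns every Replace() into a no-op and breaks the quote line), and
' "&" must be encoded FIRST so the "&" introduced by the later entities is
' not double-encoded. "<br>" is inserted only after "<" / ">" are encoded,
' so it survives as real markup.
' NOTE: "'" and "%" are not HTML-encoded; they are swapped for the
' look-alike characters "’" (U+2019) and "‰" (U+2030), which inHTML()
' reverses. That is lossy for text that legitimately contains "’" or "‰",
' and it is NOT a substitute for parameterised SQL (ADODB.Command with
' Parameters). Server.HTMLEncode covers the four entities if the extra
' substitutions are ever dropped.
Function outHTML(str)
    Dim encoded
    outHTML = ""
    If IsNull(str) Then Exit Function
    encoded = str
    encoded = Replace(encoded, "&", "&amp;")        ' must come first, see above
    encoded = Replace(encoded, "<", "&lt;")
    encoded = Replace(encoded, ">", "&gt;")
    encoded = Replace(encoded, Chr(34), "&quot;")   ' double quote
    encoded = Replace(encoded, Chr(10), "<br>")     ' LF -> line break (a preceding CR is left in place)
    encoded = Replace(encoded, Chr(39), "’")        ' single quote -> U+2019
    encoded = Replace(encoded, Chr(37), "‰")        ' percent -> U+2030
    outHTML = encoded
End Function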
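' Reverse outHTML(): turn text read back from the database into the plain
' text the user originally submitted (e.g. to pre-fill an edit form).
'   str : the stored, encoded text; Null yields "".
' Returns the decoded string.
'
' Fixes: the original assigned the "" default to outHTML instead of inHTML,
' and decoded "&amp;" first. Decoding is the mirror of outHTML(): "<br>" is
' handled before the entities so a literal "&lt;br&gt;" typed by the user
' is not turned into a newline, and "&amp;" is decoded LAST, otherwise user
' text that originally contained "&lt;" (stored as "&amp;lt;") would be
' decoded twice and come back as "<".
' NOTE: the result is plain text, not HTML. If it is written into a page it
' must be re-encoded (outHTML() or Server.HTMLEncode), or it is an XSS sink.
Function inHTML(str)
    Dim decoded
    inHTML = ""
    If IsNull(str) Then Exit Function
    decoded = str
    decoded = Replace(decoded, "<br>", Chr(10))    ' before the entities, see above
    decoded = Replace(decoded, "&quot;", Chr(34))
    decoded = Replace(decoded, "&gt;", ">")
    decoded = Replace(decoded, "&lt;", "<")
    decoded = Replace(decoded, "’", Chr(39))       ' U+2019 -> single quote
    decoded = Replace(decoded, "‰", Chr(37))       ' U+2030 -> percent
    decoded = Replace(decoded, "&amp;", "&")       ' must come last, see above
    inHTML = decoded
End Function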
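' Crude request filter: abort the request (JavaScript alert, then redirect
' to "/") when any query-string or form value contains a blacklisted token.
' No parameters, no return value; on a hit it writes to Response and calls
' Response.End, so nothing after the call runs.
'
' SECURITY NOTE: a keyword blacklist is NOT a defence against SQL injection.
' It is easy to bypass (e.g. "or", "union", "select", "--", "/**/", hex or
' URL-encoded payloads are not in the list) and it also rejects legitimate
' input that merely contains "and", "count", "(" or ")". The real fix is to
' use parameterised queries (ADODB.Command with Parameters) for every SQL
' statement; keep this only as defence in depth.
'
' Fix over the original: the query string and the form body are now BOTH
' scanned on every request. The original only scanned the form body when
' the method was not GET, so a POST request with a query string
' ("page.asp?id=1 and 1=1") bypassed the filter entirely. Cookies and
' headers are still not inspected.
Sub autiSql
    Dim blacklist
    ' One token per "|"-separated entry. Entries must be lower-case because
    ' the request value is LCase()d before the comparison.
    blacklist = Split("'|;|and|(|)|exec|update|count|*|%|chr|mid|master|truncate|char|declare", "|")
    autiSqlScan Request.QueryString, blacklist
    autiSqlScan Request.Form, blacklist
End Sub

' Helper for autiSql: scan every value in one request collection and end
' the request on the first blacklisted token found.
'   source    : Request.QueryString or Request.Form
'   blacklist : array of lower-case tokens
Sub autiSqlScan(source, blacklist)
    Dim key, token, value
    For Each key In source
        value = LCase(source(key))
        For Each token In blacklist
            ' InStr(s, "") returns 1, so an empty token would block every
            ' request; skip it rather than let a stray "||" in the list do that.
            If Len(token) > 0 Then
                If InStr(value, token) <> 0 Then
                    Response.Write "<script>alert(""警告:\n请不要使用敏感字符"");location.href=""/"";</script>"
                    Response.End
                End If
            End If
        Next
    Next
End Sub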