网站地图
【www.gdgbn.com--php安全】
"**************************************************
"函数名:ReplaceBadChar
"作 用:过滤非法的SQL字符
"参 数:strChar-----要过滤的字符
"返回值:过滤后的字符
"**************************************************
function ReplaceBadChar(strChar)
if strChar="" then
ReplaceBadChar=""
else
ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(replace(strChar,""",""),"*",""),"?",""),"(",""),")",""),"<",""),".",""),"%","")
end if
end function
"**************************************************
"函数名:CheckBadChar
"作 用:检查非法字符
"参 数:strChar-----要检查的字符
"返回值:检查后的字符 有非法的为True
"作 者: designed by jeanun
"**************************************************
function CheckBadChar(strChar)
if Instr(strChar,"=")>0 or Instr(strChar,"%")>0 or Instr(strChar,"?")>0 or Instr(strChar,"&")>0 or Instr(strChar,";")>0 or Instr(strChar,",")>0 or Instr(strChar,""")>0 or Instr(strChar,",")>0 or Instr(strChar,chr(34))>0 or Instr(strChar,chr(9))>0 or Instr(strChar,"$")>0 then
CheckBadChar = true
else
CheckBadChar = false
end if
end function
"**************************************************
"函数名:SafeRequest
"作 用:安全的Request,只能取得[数字]
"参 数:strChar-----字段名称
"返回值:检查后的读取字符
"作 者: designed by jeanun
"**************************************************
function SafeRequest(strChar)
strChar = Trim(Request(""& strChar &""))
if CheckBadChar(strChar) = True Or IsNumeric(strChar) = False then
Response.Write("<script>alert("请不要试图对网站非常规操作");history.go(-1)</script>")
Response.End()
else
SafeRequest = strChar
end if
end function