
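Public Function SafeSql(str)
  ' Prepare a caller-supplied value for embedding inside a single-quoted SQL
  ' string literal. Returns "" for Null, Empty or blank input; otherwise returns
  ' the value with NUL characters removed and every single quote doubled (''),
  ' which is how a literal quote is written inside a standard SQL string.
  '
  ' This replaces the earlier keyword blacklist (select/union/drop/...). As
  ' published, every one of those Replace calls mapped a keyword to itself, so
  ' the function was effectively a pass-through, and a keyword blacklist does not
  ' prevent injection in any case: the risk is an unescaped quote ending the
  ' literal, not the presence of a particular word. The <, >, " and keyword
  ' rewrites that presumably produced HTML entities belong to output encoding
  ' (Server.HTMLEncode at render time), not to SQL escaping; mixing the two
  ' corrupts stored data.
  '
  ' Prefer ADODB.Command with Parameters over string-built SQL wherever possible.
  ' Quote doubling alone is not enough for engines that also treat backslash as
  ' an escape inside string literals (e.g. MySQL in its default SQL mode).
  Dim tempStr
  ' Null/Empty must be handled before CStr, which raises on Null.
  If IsNull(str) Or IsEmpty(str) Then
    SafeSql = ""
    Exit Function
  End If
  tempStr = CStr(str)
  If Trim(tempStr) = "" Then
    SafeSql = ""
    Exit Function
  End If
  ' NUL characters may truncate the statement in drivers that use C strings.
  tempStr = Replace(tempStr, Chr(0), "")
  ' Double each single quote so it cannot terminate the enclosing literal.
  tempStr = Replace(tempStr, "'", "''")
  SafeSql = tempStr
End Function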

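Public Function SelectSql(sqlStr)
  ' Coarse guard for a query that is meant to be read-only: returns True when
  ' none of the listed DML/DDL keywords occurs anywhere in sqlStr (compared
  ' case-insensitively), False otherwise. Null, Empty or blank input counts as
  ' safe, matching the original behaviour.
  '
  ' The test is a plain substring match, so identifiers such as created_at,
  ' last_update or dropdown make the function return False. Treat this as a
  ' sanity check, not a security boundary: the real control for read-only access
  ' is a database login granted only SELECT on the tables it needs, together
  ' with parameterized queries.
  '
  ' The previous version assigned LCase(sqlStr) back to the dummy argument.
  ' VBScript passes arguments ByRef by default, so the caller's variable was
  ' silently lowercased; the lowercased copy is now kept in a local.
  Dim lowered, keywords, k
  If IsNull(sqlStr) Or IsEmpty(sqlStr) Then
    SelectSql = True
    Exit Function
  End If
  lowered = LCase(CStr(sqlStr))
  If lowered = "" Then
    SelectSql = True
    Exit Function
  End If
  keywords = Split("insert,update,delete,create,drop,alter,rename", ",")
  SelectSql = True
  For Each k In keywords
    ' One hit is enough to reject; the original counted hits but only tested for zero.
    If InStr(lowered, k) <> 0 Then
      SelectSql = False
      Exit For
    End If
  Next
End Function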
