過濾非法的SQL字符,防止sql注入等。裡面的體會思路主要運用了批量替換,是個不錯的思路。複製代碼代碼如下:
'************************************************* *
'函數名稱:R
'作用:過濾非法的SQL字符
'參數:strChar-----要過濾的字符
'傳回值:過濾後的字符
'************************************************* *
Public Function R(strChar)
If strChar = Or IsNull(strChar) Then R = :Exit Function
Dim strBadChar, arrBadChar, tempChar, I
'strBadChar = $,#,',%,^,&,?,(,),<,>,[,],{,},/,/,;,:, & Chr(34) & , & Chr (0) &
strBadChar = +,',--,%,^,&,?,(,),<,>,[,],{,},/,/,;,:, & Chr(34) & , & Chr (0) &
arrBadChar = Split(strBadChar, ,)
tempChar = strChar
為 I = 0 To UBound(arrBadChar)
tempChar = Replace(tempChar, arrBadChar(I), )
Next
tempChar = Replace(tempChar, @@, @)
R = tempChar
End Function
'過濾xss
Function CheckXSS(ByVal strCode)
Dim Re
Set re=new RegExp
re.IgnoreCase =True
re.Global=True
re.Pattern=<.[^>]*(style).>
strCode = re.Replace(strCode, )
re.Pattern=<(a.[^>]*|//a|li|br|B|//li|//B|font.[^>]*|//font)>
strCode=re.Replace(strCode,[$1])
strCode=Replace(Replace(strCode, <, <), >, >)
re.Pattern=/[(a.[^/]]*|//a|li|br|B|//li|//B|font.[^/]]*|//font)/]
strCode=re.Replace(strCode,<$1>)
re.Pattern=<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>
strCode = re.Replace(strCode, )
Set Re=Nothing
CheckXSS=strCode
End Function
Function FilterIDs(byval strIDs)
Dim arrIDs,i,strReturn
strIDs=Trim(strIDs)
If Len(strIDs)=0 Then Exit Function
arrIDs=Split(strIDs,,)
For i=0 To Ubound(arrIds)
If ChkClng(Trim(arrIDs(i)))<>0 Then
strReturn=strReturn & , & Int(arrIDs(i))
End If
Next
If Left(strReturn,1)=, Then strReturn=Right(strReturn,Len(strReturn)-1)
FilterIDs=strReturn
End Function