我们在注册的时候经常需要判断客户输入的内容是否合法,或者在页面传递参数的时候要判断,是否有客户恶意添加参数进行SQL注入等,这就需要1个函数去判断检测。
' ============================================' 判断是否安全字符串,在注册登录等特殊字段中使用' ============================================Function IsSafeStr(str) Dim s_BadStr, n, i s_BadStr = "' &?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32) n = Len(s_BadStr) IsSafeStr = True For i = 1 To n If Instr(str, Mid(s_BadStr, i, 1)) > 0 Then IsSafeStr = False Exit Function End If NextEnd Function
大家可以自行添加BadStr字符串里面的字符,增加你想要过滤的字符即可。
下面是其他网友的补充
'===================================== '转换内容,防止意外 '===================================== Function Content_Encode(ByVal t0) IF IsNull(t0) Or Len(t0)=0 Then Content_Encode="" Else Content_Encode=Replace(t0,"",">") End IF End Function '===================================== '反转换内容 '===================================== Function Content_Decode(ByVal t0) IF IsNull(t0) Or Len(t0)=0 Then Content_Decode="" Else Content_Decode=Replace(t0,"<","") End IF End Function '===================================== '过滤字符 '===================================== Function FilterText(ByVal t0,ByVal t1) IF Len(t0)=0 Or IsNull(t0) Or IsArray(t0) Then FilterText="":Exit Function t0=Trim(t0) Select Case t1 Case "1" t0=Replace(t0,Chr(32),"") t0=Replace(t0,Chr(13),"") t0=Replace(t0,Chr(10)&Chr(10),"
") t0=Replace(t0,Chr(10),"
") Case "2" t0=Replace(t0,Chr(8),"")'回格 t0=Replace(t0,Chr(9),"")'tab(水平制表符) t0=Replace(t0,Chr(10),"")'换行 t0=Replace(t0,Chr(11),"")'tab(垂直制表符) t0=Replace(t0,Chr(12),"")'换页 t0=Replace(t0,Chr(13),"")'回车 chr(13)&chr(10) 回车和换行的组合 t0=Replace(t0,Chr(22),"") t0=Replace(t0,Chr(32),"")'空格 SPACE t0=Replace(t0,Chr(33),"")'! t0=Replace(t0,Chr(34),"")'" t0=Replace(t0,Chr(35),"")'# t0=Replace(t0,Chr(36),"")'$ t0=Replace(t0,Chr(37),"")'% t0=Replace(t0,Chr(38),"")'& t0=Replace(t0,Chr(39),"")'' t0=Replace(t0,Chr(40),"")'( t0=Replace(t0,Chr(41),"")') t0=Replace(t0,Chr(42),"")'* t0=Replace(t0,Chr(43),"")'+ t0=Replace(t0,Chr(44),"")', t0=Replace(t0,Chr(45),"")'- t0=Replace(t0,Chr(46),"")'. t0=Replace(t0,Chr(47),"")'/ t0=Replace(t0,Chr(58),"")': t0=Replace(t0,Chr(59),"")'; t0=Replace(t0,Chr(60),"")' t0=Replace(t0,Chr(63),"")'? t0=Replace(t0,Chr(64),"")'@ t0=Replace(t0,Chr(91),"")'\ t0=Replace(t0,Chr(92),"")'\ t0=Replace(t0,Chr(93),"")'] t0=Replace(t0,Chr(94),"")'^ t0=Replace(t0,Chr(95),"")'_ t0=Replace(t0,Chr(96),"")'` t0=Replace(t0,Chr(123),"")'{ t0=Replace(t0,Chr(124),"")'| t0=Replace(t0,Chr(125),"")'} t0=Replace(t0,Chr(126),"")'~ Case Else t0=Replace(t0, "&", "&") t0=Replace(t0, "'", "'") t0=Replace(t0, """", """) t0=Replace(t0, "", ">") End Select IF Instr(Lcase(t0),"expression")>0 Then t0=Replace(t0,"expression","expression", 1, -1, 0) End If FilterText=t0 End Function '===================================== '过滤常见字符及Html '===================================== Function FilterHtml(ByVal t0) IF Len(t0)=0 Or IsNull(t0) Or IsArray(t0) Then FilterHtml="":Exit Function IF Len(Sdcms_Badhtml)>0 Then t0=ReplaceText(t0,"0 Then t0=ReplaceText(t0,"]*)("&Sdcms_BadEvent&")", "<$1$2") t0=FilterText(t0,0) FilterHtml=t0 End Function Function GotTopic(ByVal t0,ByVal t1) IF Len(t0)=0 Or IsNull(t0) Then GotTopic="" Exit Function End IF Dim l,t,c, i t0=Replace(Replace(Replace(Replace(t0,""," "),""",chr(34)),">",">"),"<","255 Then t=t+2 Else t=t+1 IF t>=t1 Then gotTopic=Left(t0,I)&"…" Exit For Else GotTopic=t0 End IF Next GotTopic=Replace(Replace(Replace(Replace(GotTopic," ",""),chr(34),"""),">",">"),"<","<") End Function Function UrlDecode(ByVal t0) Dim t1,t2,t3,i,t4,t5,t6 t1="" t2=False t3="" For I=1 To Len(t0) t4=Mid(t0,I,1) IF t4="+" Then t1=t1&" " ElseIF t4="%" Then t5=Mid(t0,i+1,2) t6=Cint("&H" & t5) IF t2 Then t2=False t1=t1&Chr(Cint("&H"&t3&t5)) Else IF Abs(t6)<=127 then t1=t1&Chr(t6) Else t2=True t3=t5 End IF End IF I=I+2 Else t1=t1&t4 End IF Next UrlDecode=t1 End Function Function CutStr(byVal t0,byVal t1) Dim l,t,c,i IF IsNull(t0) Then CutStr="":Exit Function l=Len(t0) t1=Int(t1) t=0 For I=1 To l c=Asc(Mid(t0,I,1)) IF c255 Then t=t+2 Else t=t+1 IF t>=t1 Then CutStr=Left(t0,I)&"..." Exit For Else CutStr=t0 End IF Next End Function Function CloseHtml(ByVal t0) Dim t1,I,t2,t3,Regs,Matches,J,Match Set Regs=New RegExp Regs.IgnoreCase=True Regs.Global=True t1=Array("p","div","span","table","ul","font","b","u","i","h1","h2","h3","h4","h5","h6") For I=0 To UBound(t1) t2=0 t3=0 Regs.Pattern="\<"&t1(I)&"( [^\]+|)\>" Set Matches=Regs.Execute(t0) For Each Match In Matches t2=t2+1 Next Regs.Pattern="\" Set Matches=Regs.Execute(t0) For Each Match In Matches t3=t3+1 Next For j=1 To t2-t3 t0=t0+"" Next Next CloseHtml=t0 End Function
以上就是asp中常用的字符串安全处理函数集合(过滤特殊字符等)的详细内容,更多关于字符串 安全处理的资料请关注脚本之家其它相关文章!