SafeCheck: a security check and filter function for ASP

Category: asp   Source: compiled by iocblog   Updated: 2009-09-07

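'Purpose: security check function for strings
'Name: safecheck
'Parameters: checkstring, checktype, checklength
'Notes:
'checkstring - the string to check: any characters.
'checktype - check type: 0 normal short string, 1 number, 2 date, 3 money, 4 encode html, 5 decode html, 6 login string, 7 attack detection
'checklength - length for the check type: an int; for money it is the position of the decimal point
'Return value: if the check passes, returns the correct string;
'if it fails, returns the error code system_error|error_code
'script written by: snowdu (杜雪.net)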
'web:http://www.snsites.com/
'web:http://www.knowsky.com/
'-------------------------------------------
function  safecheck(checkstring,checktype,checklength)
on error resume next
errorroot="system_error|"
if checkstring="" then
 safecheck=errorroot&"00001"
 exit function
end if

'escape single quotes as a complete html entity (with the closing semicolon)
checkstring=replace(checkstring,"'","&#39;")
select case checktype
case 0
 checkstring=trim(checkstring)
 safecheck=left(checkstring,checklength)
case 1
 'isnumeric is the built-in vbscript test for numeric input
 if not isnumeric(checkstring) then
  safecheck=errorroot&"00002"
  exit function
 else
  safecheck=left(checkstring,checklength)
 end if
case 2
 tempvar=isdate(checkstring)
 if not tempvar then
  safecheck=errorroot&"00003"
  exit function
 else
  select case checklength
  case 0
   safecheck=formatdatetime(checkstring,vbshortdate)
  case 1
   safecheck=formatdatetime(checkstring,vblongdate)
  case 2
   safecheck=checkstring
  end select
 end if
case 3
 'clear any earlier error so the err test below only reflects formatcurrency
 err.clear
 tempvar=formatcurrency(checkstring,0)
 if err then
  safecheck=errorroot&"00004"
  exit function
 else
  safecheck=formatcurrency(checkstring,checklength)
 end if
case 4
 stemp = checkstring
 if isnull(stemp) = true then
  safecheck=errorroot&"00005"
  exit function
 end if
 'encode & first so the entities added below are not encoded again
 stemp = replace(stemp, "&", "&amp;")
 stemp = replace(stemp, "<", "&lt;")
 stemp = replace(stemp, ">", "&gt;")
 stemp = replace(stemp, chr(34), "&quot;")
 stemp = replace(stemp, chr(10), "<br>")
 safecheck = left(stemp,checklength)
case 5
 stemp = checkstring
 if isnull(stemp) = true then
  safecheck=errorroot&"00006"
  exit function
 end if
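 'undo the case 4 replacements in reverse order; &amp; must be decoded last
 'so that text such as &amp;lt; is not decoded twice
 stemp = replace(stemp, "<br>",chr(10))
 stemp = replace(stemp, "&quot;", chr(34))
 stemp = replace(stemp, "&gt;", ">")
 stemp = replace(stemp, "&lt;", "<")
 stemp = replace(stemp, "&amp;", "&")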
 safecheck = left(stemp,checklength)
case 6
 s_badstr = "'  &<>?%,;:()`~!@#$^*{}[]|+-=" & chr(34) & chr(9) & chr(32)
 n = len(s_badstr)
 issafestr = true
 for i = 1 to n
  if instr(checkstring, mid(s_badstr, i, 1)) > 0 then
   issafestr = false
  end if
 next
 if issafestr then
  safecheck=left(checkstring,checklength)
 else
  safecheck=errorroot&"00007"
  exit function
 end if
case 7
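 'note: the ' entry cannot match here, because single quotes were already
 'replaced with an entity near the top of the function
 s_filter="net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
 s_filter=s_filter&"insert|delete|drop|truncate|from|%|declare|-"
 s_filters=split(s_filter,"|")
 isfound=false
 'loop to ubound inclusive so the last entry ("-") is checked too
 for i=0 to ubound(s_filters)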
  if instr(lcase(checkstring),lcase(s_filters(i)))<>0 then
   isfound=true
   exit for
  end if
 next
 if isfound then
  safecheck=errorroot&"00008"
  exit function
 else
  safecheck=left(checkstring,checklength)
 end if
end select
end function
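
safecheck reports failure in-band, as a string starting with system_error|, and returns nothing at all for a checktype it does not know, so every caller has to test the return value before using it. The wrapper below is an added example, not part of the original script: it assumes safecheck is defined in the same file and is run with cscript (under ASP, use response.write instead of wscript.echo); checkfield, ERR_PREFIX, the no_result code and the sample inputs are hypothetical names and constructed data.

```vbscript
'added example: separate safecheck's in-band error from real data
'assumes safecheck (above) is defined in the same file
const ERR_PREFIX = "system_error|"   'prefix safecheck uses for errors

'hypothetical helper: returns true and fills cleanvalue when the input passes;
'returns false and fills errcode otherwise
function checkfield(byval rawvalue, byval checktype, byval checklength, byref cleanvalue, byref errcode)
 dim result
 cleanvalue = ""
 errcode = ""
 checkfield = false
 result = safecheck(rawvalue, checktype, checklength)
 if isempty(result) then
  'no branch assigned a value (for example an unknown checktype): fail closed
  errcode = "no_result"   'hypothetical code, not defined by safecheck
 elseif left(result, len(ERR_PREFIX)) = ERR_PREFIX then
  'keep only the five-digit code after the "|"
  errcode = mid(result, len(ERR_PREFIX) + 1)
 else
  cleanvalue = result
  checkfield = true
 end if
end function

'constructed sample inputs: value, checktype, checklength
dim samples, i, clean, code
samples = array( _
 array("12345", 1, 10), _
 array("12a45", 1, 10), _
 array("2009-09-07", 2, 2), _
 array("alice", 6, 20), _
 array("al ice", 6, 20), _
 array("hello", 9, 20))
for i = 0 to ubound(samples)
 if checkfield(samples(i)(0), samples(i)(1), samples(i)(2), clean, code) then
  wscript.echo "accepted: " & clean
 else
  wscript.echo "rejected, code: " & code
 end if
next
```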

