ASP过滤特殊字符的模块源码

实现效果:通过对特殊字符的转换,可以保证数据的安全。

代码如下:

<%
Function FormatHTML(fString)
    If fString<>"" Then
        fString = trim(fString)
        fString = replace(fString, ";", ";")     ''分号过滤

>        fString = replace(fString, "--", "——") ''--过滤
        fString = replace(fString, "%20", "")    ''特殊字符过滤

p;    fString = replace(fString, "==", "")     ''==过滤
        fString = replace(fString, ">", ">")
        fString = replace(fString,

"<", "<")
        fString = Replace(fString, CHR(32), " ")   '' 
        fString = Replace(fString, CHR(9

: #000000; BACKGROUND-COLOR: #f5f5f5">), " ")    '' 
        fString = Replace(fString, CHR(34), """)
        fString = Replace(fString, CHR(39), "'

KGROUND-COLOR: #f5f5f5">") ''单引号过滤
        fString = Replace(fString, CHR(13), "")
        fString = Replace(fString, CHR(10) & CHR(10), "</P><P>

pan>")
        fString = Replace(fString, CHR(10), "<BR> ")
        FormatHTML = fString
    End If
End Function
%>

第二种代码:
<%
Function ChkInvaildWord(Words)
Const InvaildWords="select|update|delete|insert|@|--|,"   '需要过滤得字符以“|”隔开,最后结束的字符必须是|
ChkInvaildWord=True
InvaildWord=Split(InvaildWords,"|")
inWords=LCase(Trim(Words))

For i=LBound(InvaildWord) To UBound(InvaildWord)
If Instr(inWords,InvaildWord(i))>0 Then
  ChkInvaildWord=True
  Exit Function
End If
Next
ChkInvaildWord=False
End Function
%>

This entry was posted in Technology and tagged , , . Bookmark the permalink. 8,780 views

Related Posts

One Response to ASP过滤特殊字符的模块源码

  1. lulu says:

    这段代码明示不能用,为什么网络上到处是?
    我的邮箱:ancher@163.com,如果有能用的,请告诉,谢谢。
    [reply=pop,2010-06-17 07:00 AM]这个好像是我转载的。你再找找。[/reply]

Leave a Reply

Your email address will not be published. Required fields are marked *