ASP过滤特殊字符的模块源码

实现效果:通过对特殊字符进行转换,提高数据的安全性;这类过滤只是辅助手段,访问数据库时仍应使用参数化查询。

代码如下:

<%
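Function FormatHTML(fString)
    ' Encodes a string for display inside an HTML page and strips a few
    ' sequences the author treats as suspicious ("%20", "==").
    '
    ' fString : text to encode. VBScript passes arguments ByRef by default and
    '           this routine assigns to fString, so a variable passed by the
    '           caller is overwritten with the encoded text.
    ' Returns : the encoded text. Nothing is assigned (the result is Empty)
    '           when fString is "".
    '
    ' NOTE(review): the published listing had its HTML entities decoded, which
    ' turned several replacements into no-ops. The entity strings below are
    ' restored to the conventional values; confirm them against the author's
    ' original, in particular the "</P><P> " literal, whose tail was damaged.
    ' NOTE(review): "&" is not encoded here. For plain HTML output encoding the
    ' built-in Server.HTMLEncode covers it.
    ' NOTE(review): this is output encoding for HTML. It does not make a value
    ' safe to concatenate into SQL; use parameterized ADODB.Command queries.
    If fString <> "" Then
        fString = Trim(fString)

        ' The semicolon is handled first so that the ";" inside the entities
        ' added by the later steps is left alone.
        fString = Replace(fString, ";", "&#59;")     ' semicolon
        fString = Replace(fString, "--", "——")       ' double hyphen -> full-width dashes
        fString = Replace(fString, "%20", "")        ' removed, not encoded
        fString = Replace(fString, "==", "")         ' removed, not encoded

        ' HTML metacharacters and whitespace.
        fString = Replace(fString, ">", "&gt;")
        fString = Replace(fString, "<", "&lt;")
        fString = Replace(fString, Chr(32), "&nbsp;")    ' space
        fString = Replace(fString, Chr(9), "&nbsp;")     ' tab
        fString = Replace(fString, Chr(34), "&quot;")    ' double quote
        fString = Replace(fString, Chr(39), "&#39;")     ' single quote

        ' Line breaks: drop CR so CRLF becomes LF, turn a blank line into a
        ' paragraph break, then every remaining LF into <BR>.
        fString = Replace(fString, Chr(13), "")
        fString = Replace(fString, Chr(10) & Chr(10), "</P><P> ")
        fString = Replace(fString, Chr(10), "<BR> ")

        FormatHTML = fString
    End If
End Function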
%>

第二种代码:
<%
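Function ChkInvaildWord(Words)
    ' Reports whether Words contains any entry of a fixed deny-list.
    '
    ' Words   : text to inspect; it is trimmed and lower-cased before matching.
    ' Returns : True when at least one deny-list entry occurs anywhere in the
    '           text, False otherwise. Matching is by substring (InStr), so a
    '           word that merely contains an entry also matches, as does any
    '           text containing "@" or ",".
    '
    ' NOTE(review): a keyword deny-list is a coarse input check, not a defence
    ' against SQL injection. Use parameterized ADODB.Command queries wherever
    ' the value reaches a database.

    ' Entries are separated by "|". Empty entries are skipped below: InStr
    ' reports a match for an empty search string, so a trailing "|" in this
    ' list would otherwise flag every non-empty input.
    Const InvaildWords = "select|update|delete|insert|@|--|,"

    ' Declared locally so the function does not read or overwrite page-level
    ' variables of the same name (for example a caller's loop counter).
    Dim tokens, candidate, idx

    ChkInvaildWord = False
    candidate = LCase(Trim(Words))
    tokens = Split(InvaildWords, "|")

    For idx = LBound(tokens) To UBound(tokens)
        If Len(tokens(idx)) > 0 Then
            If InStr(candidate, tokens(idx)) > 0 Then
                ChkInvaildWord = True
                Exit Function
            End If
        End If
    Next
End Function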
%>
