ASP安全检测与过滤函数SafeCheck

2016-01-29 18:48 8 1 收藏

ASP安全检测与过滤函数SafeCheck,ASP安全检测与过滤函数SafeCheck

【 tulaoshi.com - ASP 】

 

'作用:安全字符串检测函数
'名字:SafeCheck
'参数:CheckString,CheckType,CheckLength
'说明:
'Checkstring待检测字符串:任意字符.
'CheckType检测类型0正常短字符1数字2日期3金钱4编码HTML5解码HTML6登录字符串7防攻击检测
'CheckLength检测类型长度:类型为int,当为金钱时为小数点的位置
'返回值:如果通过检测,返回正确字符串,
'如果未通过则返回错误代码SYSTEM_ERROR|ERROR_CODE
'Script Writen by :SnowDu(杜雪.NET)
'Web:http://www.snsites.com/
'Web:http://www.knowsky.com/
'-------------------------------------------
function  SafeCheck(CheckString,CheckType,CheckLength)
On Error Resume Next
ErrorRoot="SYSTEM_ERROR|"
if checkString="" then
 SafeCheck=ErrorRoot&"00001"
 exit function
end if

(本文来源于图老师网站,更多请访问http://www.tulaoshi.com/asp/)

CheckString=Replace(CheckString,"'","&#39")
select case CheckType
case 0
 CheckString=trim(CheckString)
 SafeCheck=Left(CheckString,CheckLength)
case 1
 if not isnumberic(CheckString) then
  SafeCheck=ErrorRoot&"00002"
  exit function
 else
  SafeCheck=Left(CheckString,CheckLength)
 end if
case 2
 tempVar=IsDate(CheckString)
 if Not TempVar then
  SafeCheck=ErrorRoot&"00003"
  exit function
 else
  select case CheckLength
  case 0
   SafeCheck=FormatDateTime(CheckString,vbShortDate)
  case 1
   SafeCheck=FormatDateTime(CheckString,vbLongDate)
  case 2
   SafeCheck=CheckString
  end select
 end if
case 3
 tempVar=FormatCurrency(CheckString,0)
 if Err then
  SafeCheck=ErrorRoot&"00004"
  exit function
 else
  SafeCheck=FormatCurrency(CheckString,CheckLength)
 end if
case 4
 sTemp = CheckString
 If IsNull(sTemp) = True Then
  SafeCheck=ErrorRoot&"00005"
  Exit Function
 End If
 sTemp = Replace(sTemp, "&", "&")
 sTemp = Replace(sTemp, "<", "&lt;")
 sTemp = Replace(sTemp, "", "&gt;")
 sTemp = Replace(sTemp, Chr(34), "&quot;")
 sTemp = Replace(sTemp, Chr(10), "<br")
 SafeCheck = Left(sTemp,CheckLength)
case 5
 sTemp = CheckString
 If IsNull(sTemp) = True Then
  SafeCheck=ErrorRoot&"00006"
  Exit Function
 End If
 sTemp = Replace(sTemp, "&amp;", "&")
 sTemp = Replace(sTemp, "&lt;", "<")
 sTemp = Replace(sTemp, "&gt;", "")
 sTemp = Replace(sTemp, "&quot;", Chr(34))
 sTemp = Replace(sTemp, "<br",Chr(10))
 SafeCheck = Left(sTemp,CheckLength)
case 6
 s_BadStr = "'  &<?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
 n = Len(s_BadStr)
 IsSafeStr = True
 For i = 1 To n
  If Instr(CheckString, Mid(s_BadStr, i, 1)) 0 Then
   IsSafeStr = False
  End If
 Next
 if IsSafeStr then
  SafeCheck=left(CheckString,CheckLength)
 else
  SafeCheck=ErrorRoot&"00007"
  Exit Function
 end if
case 7
 s_Filter="net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
 S_Filter=S_Filter&"insert|delete|drop|truncate|from|%|declare|-"
 S_Filters=split(S_Filter,"|")
 isFound=false
 for i=0 to ubound(S_Filters)-1
  if Instr(lcase(CheckString),lcase(S_Filters(i)))<0 then
   isFound=true
   exit for
  end if
 next
 if isFound then
  SafeCheck=ErrorRoot&"00008"
  Exit Function
 else
  SafeCheck=left(CheckString,CheckLength)
 end if
end select
end function

(本文来源于图老师网站,更多请访问http://www.tulaoshi.com/asp/) 

来源:http://www.tulaoshi.com/n/20160129/1507335.html

延伸阅读
标签: Web开发
正好有时间所以用C#写了一段正则表达式,作用是删除 Page 里面Code 中的 HTML标签,这在做采集信息,消除其中的HTML很有用处。 以下是引用片段: publicstringcheckStr(stringhtml) { System.Text.RegularExpressions.Regexregex1=newSystem.Text.RegularExpressions.Regex(@"script[sS]+/script*",System.Text.RegularExpr...
标签: Web开发
代码如下: function HTMLEncode(fString) if not isnull(fString) then fString = replace(fString, "", "") fString = replace(fString, "", "") fString = Replace(fString, CHR(32), " ") fString = Replace(fString, CHR(9),...
标签: ASP
<% '判断文件名是否合法 Function isFilename(aFilename)  Dim sErrorStr,iNameLength,i  isFilename=TRUE  sErrorStr=Array("/","\",":","*","?","""","<","","|")  iNameLength=Len(aFilename)  If iNameLength<1 Or iNameLength=null Then   isFilename=FALSE  Else   For i=0 To 8 &nb...
标签: Web开发
代码如下: function unHtml(content) unHtml=content if content "" then unHtml=replace(unHtml,"&","&") unHtml=replace(unHtml,"","") unHtml=replace(unHtml,"","") unHtml=replace(unHtml,chr(34),""") unHtml=replace(unHtml,chr(13),"br") unHtml=replace(unHtml,chr(32)," ") 'unHtml=ubb(unHtml) end if end function ...
标签: Web开发
========取得带端口的URL,推荐使用================  Function Get_ScriptNameUrl()  If request.servervariables("SERVER_PORT")="80" Then  Get_ScriptNameUrl="http://" & request.servervariables("server_name")&lcase(request.servervariables("script_name"))  Else  Get_Scrip...

经验教程

255

收藏

6
微博分享 QQ分享 QQ空间 手机页面 收藏网站 回到头部