文字符号过滤防止从外部提交表单
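' Filter a few simple special characters.
'
' SECURITY NOTE for this whole helper set: these routines substitute or strip
' characters in untrusted request data so that it can be concatenated into SQL
' and HTML. That is a last line of defence only: use ADODB.Command parameters
' for SQL and encode at the point of HTML output (GetSafeStr / Server.HTMLEncode).
' Several functions below were published with their HTML entities decoded by the
' web page (e.g. Replace(str,"<","<") and Replace(str,"'","'")), which turned
' them into no-ops. The intended replacements are restored here.

'===============================================================
' GetSafeStr
'   Purpose : encode the characters that can terminate an HTML attribute
'             or element (& < > " ') as HTML entities.
'   Param   : str - untrusted text
'   Returns : the encoded text; Null is returned as ""
'   Note    : "&" is encoded first so the entities produced afterwards are
'             not re-encoded. "'" is encoded too, so a value placed inside a
'             single-quoted SQL literal no longer contains a quote - this is
'             still NOT an adequate SQL-injection defence on its own.
'===============================================================
Function GetSafeStr(str)
    Dim s
    If IsNull(str) Then
        GetSafeStr = ""
        Exit Function
    End If
    s = CStr(str)
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&#39;")
    GetSafeStr = s
End Function

'===============================================================
' getip
'   Purpose : best-effort client address for logging.
'   Returns : REMOTE_ADDR, or - when an X-Forwarded-For header is present
'             and does not contain "unknown" - the first entry of that header
'             (up to the first "," or ";"). Trimmed and cut to 30 characters.
'   SECURITY: X-Forwarded-For is sent by the client and is trivially forged.
'             Trust it only behind a reverse proxy that rewrites the header,
'             and never use the result for access control or rate limiting.
'             The value is whitelisted to IP characters before it is returned
'             so a forged header cannot carry SQL/HTML into callers that
'             concatenate it; anything else falls back to REMOTE_ADDR.
'===============================================================
Function getip()
    Dim fwd, addr, cut, re
    fwd = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If fwd = "" Or InStr(fwd, "unknown") > 0 Then
        addr = Request.ServerVariables("REMOTE_ADDR")
    Else
        ' take the left-most entry of an "a, b" or "a; b" list
        cut = InStr(fwd, ",")
        If cut = 0 Then cut = InStr(fwd, ";")
        If cut > 0 Then
            addr = Left(fwd, cut - 1)
        Else
            addr = fwd
        End If
    End If
    addr = Trim(Left(addr, 30))
    ' digits, dots, hex letters and colons only (textual IPv4/IPv6)
    Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f.:]+$"
    If Not re.Test(addr) Then
        addr = Trim(Left(Request.ServerVariables("REMOTE_ADDR"), 30))
    End If
    Set re = Nothing
    getip = addr
End Function

'===============================================================
' RemoveHTML
'   Purpose : strip HTML tags
'   Param   : strHTML - text that may contain markup
'   Returns : strHTML with every "<...>" sequence removed; Null yields ""
'   Note    : "<[^>]*>" also removes tags that span a line break, which the
'             published "<.+?>" missed because "." does not match a newline.
'             Stripping is a content filter, not output encoding: the result
'             must still be encoded (GetSafeStr) when written into a page.
'===============================================================
Function RemoveHTML(strHTML)
    Dim re
    If IsNull(strHTML) Then
        RemoveHTML = ""
        Exit Function
    End If
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "<[^>]*>"
    RemoveHTML = re.Replace(strHTML, "")
    Set re = Nothing
End Function

' IIF - inline if.
' NOTE: VBScript evaluates ReturnTrue AND ReturnFalse before the call, so
' neither argument may have side effects or raise an error.
Function IIF(Expression, ReturnTrue, ReturnFalse)
    If Expression Then
        IIF = ReturnTrue
    Else
        IIF = ReturnFalse
    End If
End Function

'===============================================================
' SafeRequest - typed, filtered access to request data
'   Requester   : 0 = RequestName already holds the value
'                 1 = Request(name)            (searches every collection -
'                     QueryString, Form, Cookies, ServerVariables - so the
'                     source is ambiguous; prefer 2/3/4)
'                 2 = Request.Form  3 = Request.QueryString  4 = Request.Cookies
'   FilterType  : for strings only: 0 = none, 1 = SafeSql, 2 = FilterHtml
'   RequestName : parameter name (or the value itself when Requester = 0)
'   RequestType : 0 = Long, 1 = String, 2 = Date
'   DefaultValue: returned (converted/filtered) when the value is missing
'                 or not of the requested type
'   Returns     : Long / String / Date according to RequestType; an unknown
'                 RequestType returns DefaultValue (fail closed - the published
'                 version returned the raw, unfiltered value in that case).
'   Note        : IsNumeric accepts "1e5", "&HFF", "$5" etc.; a value that
'                 passes IsNumeric but overflows CLng falls back to the default
'                 instead of raising a runtime error.
'===============================================================
Function SafeRequest(Requester, FilterType, RequestName, RequestType, DefaultValue)
    Dim v
    Select Case Requester
        Case 0 : v = RequestName
        Case 1 : v = Request(RequestName)
        Case 2 : v = Request.Form(RequestName)
        Case 3 : v = Request.QueryString(RequestName)
        Case 4 : v = Request.Cookies(RequestName)
    End Select
    Select Case RequestType
        Case 0
            If IsNull(v) Or Len(v) <= 0 Or Not IsNumeric(v) Then
                v = CLng(DefaultValue)
            Else
                On Error Resume Next
                v = CLng(v)
                If Err.Number <> 0 Then
                    Err.Clear
                    v = CLng(DefaultValue)
                End If
                On Error GoTo 0
            End If
        Case 1
            If IsNull(v) Or v = "" Then v = DefaultValue
            Select Case FilterType
                Case 0 : v = v
                Case 1 : v = SafeSql(v)
                Case 2 : v = FilterHtml(v)
            End Select
        Case 2
            If IsNull(v) Or Len(v) <= 0 Or Not IsDate(v) Then
                v = CDate(DefaultValue)
            Else
                v = CDate(v)
            End If
        Case Else
            v = DefaultValue
    End Select
    SafeRequest = v
End Function

'===============================================================
' SafeSql - escape a value for use inside a single-quoted SQL literal
'   Param  : str - untrusted text
'   Returns: str with every "'" doubled; Null yields ""
'   Note   : the published line read Replace(str,"'","'") - a no-op caused
'            by the page rendering. Doubling the quote protects ONLY a value
'            that ends up inside '...'; it does nothing for numeric positions,
'            identifiers, ORDER BY or LIKE wildcards. Use ADODB.Command
'            parameters wherever possible.
'===============================================================
Function SafeSql(str)
    If IsNull(str) Then
        SafeSql = ""
    Else
        SafeSql = Replace(str, "'", "''")
    End If
End Function

'===============================================================
' FilterHtml - strip HTML tags
'   Param  : str - untrusted text
'   Returns: str with every "<...>" sequence removed; Null/"" yields ""
'   Note   : the published pattern " <.+?>" carried a leading space, so it
'            only removed tags preceded by a blank. As with RemoveHTML, the
'            result must still be entity-encoded on output.
'===============================================================
Function FilterHtml(str)
    Dim r
    If IsNull(str) Or str = "" Then
        FilterHtml = ""
        Exit Function
    End If
    Set r = New RegExp
    r.IgnoreCase = True
    r.Global = True
    r.MultiLine = True
    r.Pattern = "<[^>]*>"
    FilterHtml = r.Replace(str, "")
    Set r = Nothing
End Function

'===============================================================
' IsNumericStr - True when str consists solely of the digits 0-9
'   Unlike IsNumeric it rejects signs, decimals, exponents and "&H" prefixes,
'   which makes it the right check before concatenating an id into SQL.
'   Null and the empty string return False (the published version returned
'   True for "" because the loop never ran).
'===============================================================
Function IsNumericStr(str)
    Dim i
    IsNumericStr = False
    If IsNull(str) Then Exit Function
    str = CStr(str)
    If Len(str) = 0 Then Exit Function
    For i = 1 To Len(str)
        If InStr("0123456789", Mid(str, i, 1)) = 0 Then Exit Function
    Next
    IsNumericStr = True
End Function

'*************************************************************************************************
' ChkPost - decide whether a form post came from this site
'   Returns: False = submitted from elsewhere (rejected), True = Referer host
'            equals SERVER_NAME.
'   Fixes vs the published version: "https://" is accepted (the old code
'   assumed a 7-character "http://" prefix) and the host must be followed by
'   "/", ":" or end-of-string, so "http://example.com.evil.tld/" and
'   "http://example.com@evil.tld/" no longer pass a prefix comparison.
'   SECURITY: the Referer header is client-supplied and frequently absent
'   (privacy settings, HTTPS->HTTP). This is a weak anti-CSRF measure only;
'   a per-session random token in a hidden field is the proper defence.
'*************************************************************************************************
Function ChkPost()
    Dim referer, host, rest, nextChar
    ChkPost = False
    referer = LCase(CStr(Request.ServerVariables("HTTP_REFERER")))
    host = LCase(CStr(Request.ServerVariables("SERVER_NAME")))
    If host = "" Then Exit Function
    If Left(referer, 7) = "http://" Then
        rest = Mid(referer, 8)
    ElseIf Left(referer, 8) = "https://" Then
        rest = Mid(referer, 9)
    Else
        Exit Function
    End If
    If Left(rest, Len(host)) <> host Then Exit Function
    nextChar = Mid(rest, Len(host) + 1, 1)
    If nextChar = "" Or nextChar = "/" Or nextChar = ":" Then ChkPost = True
End Function

<%
' RegExpEscape - backslash-escape every regular-expression metacharacter in s
' so that user-supplied text can be embedded in a pattern literally.
Function RegExpEscape(s)
    Dim re
    Set re = New RegExp
    re.Global = True
    re.Pattern = "([\\^$.|?*+()\[\]{}])"
    RegExpEscape = re.Replace(s, "\$1")
    Set re = Nothing
End Function

'***************************************
' GoRed - highlight keyword inside Str (search-result display)
'   Str     : text to display
'   keyword : term to wrap in <font color='red'>...</font>, case-insensitive
'   Returns : Str with every occurrence of keyword wrapped; an empty keyword
'             returns Str unchanged (the published version inserted a tag at
'             every character position in that case)
'   Note    : the keyword is regex-escaped - a search term such as "(" or
'             ".*" previously either raised a pattern error or was treated as
'             a wildcard. Str is NOT entity-encoded here because the output
'             contains markup; callers must encode Str before calling.
'***************************************
Function GoRed(Str, keyword)
    Dim RegObj
    If IsNull(Str) Then Str = ""
    If IsNull(keyword) Or keyword = "" Then
        GoRed = Str
        Exit Function
    End If
    Set RegObj = New RegExp
    With RegObj
        .Global = True
        .IgnoreCase = True
        .Pattern = "([.\n]*)(" & RegExpEscape(keyword) & ")([.\n]*)"
        GoRed = .Replace(Str, "$1 <font color='red'>$2 </font>$3")
    End With
    Set RegObj = Nothing
End Function

str = "Fditffdsdads"
Response.Write str & "<br>"
Response.Write GoRed(str, "f")
%>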
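' Output of the GoRed demo above: F dit f f dsdads
<%
' Site-wide filter for submitted text: include this file at the top of a
' page and it inspects the raw query string and form body before the page
' runs. A hit writes an error message and ends the response.
' Author: 逸风, 2008-6-4

'===============================================================
' ClearString - keep only Chinese characters and whitespace
'   Param  : str - submitted text
'   Returns: str with every character outside U+4E00..U+9FA5 and \s removed;
'            Null or "" yields ""
'   Note   : one global Replace instead of the published per-character loop
'            with Test(); same result. Because every Latin letter, digit and
'            punctuation mark is dropped, SearchKey can only ever match
'            keywords written in Chinese (see the note there).
'===============================================================
Function ClearString(str)
    Dim re
    If IsNull(str) Or str = "" Then
        ClearString = ""
        Exit Function
    End If
    Set re = New RegExp
    re.Global = True
    re.Pattern = "[^\u4e00-\u9fa5\s]"
    ClearString = re.Replace(str, "")
    Set re = Nothing
End Function

' KillKey - placeholder, returns its argument unchanged.
Function KillKey(str)
    KillKey = str
End Function

'===============================================================
' SearchKey - abort the request if the text contains a banned word
'   Param  : str - submitted text (already URL-decoded)
'   Returns: str unchanged when no keyword matches. On a match the function
'            does NOT return: it writes the notice and calls Response.End.
'   Note   : Key is a comma-separated list; the list shipped here contains
'            no comma, so it is a single entry. The text is passed through
'            ClearString first, so non-Chinese fragments of a keyword
'            ("CSDN", "`~~") can never match - edit the list or drop the
'            ClearString step if Latin keywords must be blocked. Empty list
'            entries are skipped: InStr(x, "") is 1 and would block everyone.
'===============================================================
Function SearchKey(str)
    Dim Key, KeyArray, K, i, str2
    Key = "这里是非法字符 嘎嘎`~~CSDN也屏蔽的"
    KeyArray = Split(Key, ",")
    K = UBound(KeyArray)
    str2 = ClearString(str)
    For i = 0 To K
        If KeyArray(i) <> "" Then
            If InStr(str2, KeyArray(i)) Then
                Response.Write("<font color=red>您所提交的信息中包含非法字符,请您返回后仔细检查所填写的内容然后再次提交您的信息!</font><a href='javascript:history.go(-1);'>返回</a><br/><font color=#0000FF>感谢您的支持!</font><br/>非法字符:" & KeyArray(i))
                Response.End()
            End If
        End If
    Next
    SearchKey = str
End Function

' IsHexPair - True when s is exactly two hexadecimal digits.
Function IsHexPair(s)
    Dim k
    IsHexPair = False
    If Len(s) <> 2 Then Exit Function
    For k = 1 To 2
        If InStr("0123456789abcdefABCDEF", Mid(s, k, 1)) = 0 Then Exit Function
    Next
    IsHexPair = True
End Function

'===============================================================
' urldecode - decode an application/x-www-form-urlencoded string
'   Param  : encodestr - the encoded text (Null is treated as "")
'   Returns: decoded text. "+" becomes a space; "%XX" with XX <= 7F becomes
'            that ASCII character; a "%XX" above 7F is held as the lead byte
'            and combined with the following "%YY" via Chr(CInt("&HXXYY")),
'            which reproduces the published double-byte (GBK) handling.
'   Fix    : a "%" that is not followed by two hex digits ("%zz", a trailing
'            "%") is now copied literally. The published version fed it to
'            CInt("&H..") and raised a type-mismatch error, so any request
'            containing a malformed escape produced a 500 page - an easy
'            denial-of-service against every page including this filter.
'   Caveat : a lead byte with no following "%YY" before the end of input is
'            dropped, as before.
'===============================================================
Function urldecode(encodestr)
    Dim out, i, n, c, pair, byteVal, hiByte
    out = ""
    hiByte = ""
    If IsNull(encodestr) Then encodestr = ""
    encodestr = CStr(encodestr)
    n = Len(encodestr)
    i = 1
    Do While i <= n
        c = Mid(encodestr, i, 1)
        If c = "+" Then
            out = out & " "
            i = i + 1
        ElseIf c = "%" And IsHexPair(Mid(encodestr, i + 1, 2)) Then
            pair = Mid(encodestr, i + 1, 2)
            If hiByte <> "" Then
                ' trail byte of a pending double-byte character
                out = out & Chr(CInt("&H" & hiByte & pair))
                hiByte = ""
            Else
                byteVal = CInt("&H" & pair)
                If byteVal <= 127 Then
                    out = out & Chr(byteVal)
                Else
                    hiByte = pair
                End If
            End If
            i = i + 3
        Else
            ' ordinary character, or a "%" without two hex digits: keep as-is
            out = out & c
            i = i + 1
        End If
    Loop
    urldecode = out
End Function

' Inspect the raw query string and form body. SearchKey ends the response
' itself when it finds a banned word, so nothing after these lines runs then.
' NOTE(review): Request.Form reads the whole request body; pages that use
' Request.BinaryRead (file uploads) cannot include this file - confirm.
TempStr1 = urldecode(Request.QueryString)
TempStr2 = urldecode(Request.Form)
SearchKey TempStr1
SearchKey TempStr2
%>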