Some anti-SQL-injection functions by NB葉子
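Program code:

' Functions
' Purpose: check that a value is numeric and that it lies within a range
' Input: value or field name, source (0 = passed directly, 1 = Form, 2 = QueryString, 3 = Cookies, 4 = Request),
'        start number (also the default), end number (-1 = no range check)
Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
    Dim mystr,istr,iNum
    mystr=Trim(str_str)
    Select Case int_quest
        Case 1
            istr=Request.Form(mystr)
        Case 2
            istr=Request.QueryString(mystr)
        Case 3
            istr=Request.Cookies(mystr)
        Case 4
            istr=Request(mystr)
        Case Else
            istr=mystr
    End Select
    ' Only the first 32 characters are considered
    istr=Left(istr,32)
    If IsNumeric(istr) Then
        iNum=CDbl(istr)
    Else
        ' Non-numeric input falls back to the default
        iNum=int_startnum
    End If
    ' Clamp to [int_startnum, int_endnum] unless the end number is -1
    If int_endnum>-1 Then
        If iNum<int_startnum Then iNum=int_startnum
        If iNum>int_endnum Then iNum=int_endnum
    End If
    CheckNum=iNum
End Function
'------------------------------------------------
' Purpose: check and filter a string
' Input: string or field name, source (0 = passed directly, 1 = Form, 2 = QueryString, 3 = Cookies, 4 = Request),
'        check type (1 = do not filter HTML, 2 = pure HTML, 3 = title filtering, 4 = other HTML filtering),
'        length to cut the string to
Function CheckStr(str_str,int_quest,int_type,int_strlen)
    Dim mystr,istr,n
    mystr=str_str
    Select Case int_quest
        Case 1
            istr=Request.Form(mystr)
        Case 2
            istr=Request.QueryString(mystr)
        Case 3
            istr=Request.Cookies(mystr)
        Case 4
            istr=Request(mystr)
        Case Else
            istr=mystr
    End Select
    ' Force to a string (Null/Empty become "") and trim
    istr=""&Trim(istr)
    ' Double every single quote so the value can sit inside a SQL string literal
    istr=Replace(istr,"'","''")
    Select Case int_type
        Case 1
            ' Keep HTML tags; convert whitespace and line breaks to markup
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,CHR(10) & CHR(10),"</P><P> ")
            istr=Replace(istr,CHR(10),"<BR> ")
            istr=Replace(istr,CHR(13),"")
        Case 2
            ' Pure HTML: no further filtering
            istr=istr
        Case 3
            ' Title: single line, HTML special characters encoded.
            ' The quotes were already doubled above, so each ' ends up as &#39;&#39;
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,CHR(13), "")
            istr=Replace(istr,"<","&lt;")
            istr=Replace(istr,">","&gt;")
            istr=Replace(istr,CHR(34),"&quot;")
            istr=Replace(istr," ","&nbsp;")
            istr=Replace(istr,CHR(39), "&#39;")
        Case Else
            ' Other text: line breaks to markup, HTML special characters encoded
            istr=Replace(istr,CHR(32),"&nbsp;")
            istr=Replace(istr,CHR(9),"&nbsp;")
            istr=Replace(istr,CHR(10) & CHR(10), "</P><P> ")
            istr=Replace(istr,CHR(10), "<BR> ")
            istr=Replace(istr,CHR(13), "")
            istr=Replace(istr,"<","&lt;")
            istr=Replace(istr,">","&gt;")
            istr=Replace(istr,CHR(34),"&quot;")
            istr=Replace(istr," ","&nbsp;")
            istr=Replace(istr,CHR(39), "&#39;")
    End Select
    istr=CutStr(istr,int_strlen,"")
    ' The cut can land inside a doubled '' pair (types 1 and 2) and leave an
    ' unpaired quote at the end; count the trailing quotes and drop one if odd
    n=Len(istr)
    Do While n>0
        If Mid(istr,n,1)<>"'" Then Exit Do
        n=n-1
    Loop
    If (Len(istr)-n) Mod 2=1 Then istr=Left(istr,Len(istr)-1)
    CheckStr=istr
End Function
'------------------------------------------------
' Purpose: cut a string to a given length
' Input: string, length to cut to, characters to append after the cut
Function CutStr(str_str,int_strlen,str_addtrr)
    Dim k,i,c
    k=0
    For i=1 To Len(str_str)
        ' Characters outside the single-byte range count as width 2
        c=Abs(Asc(Mid(str_str,i,1)))
        If c>255 Then
            k=k+2
        Else
            k=k+1
        End If
        If k>=int_strlen Then Exit For
    Next
    ' i is the number of characters kept (k is the accumulated width, not a character count);
    ' if the loop ran to the end, i is Len+1 and Left returns the whole string
    CutStr=Left(str_str,i)&str_addtrr
End Function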
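Some anti-SQL-injection functions by NB葉子 ===== (repost)
I've been taking a break lately, and with nothing to do I read the content on a few hacker sites (all because my own site has recently been messed with two or three times by some bored people, each time with different methods, and you can tell that their skill levels differ. I was fairly busy a while ago and didn't have much time to come here. Now that I'm free, I found this today and am posting it here as a reference for everyone. The functions themselves are very simple; the main thing is to look at how well the approach works.)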
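How these functions fit into a page that writes to the database, as an added example that is not part of the reposted code: CheckNum validates the numeric id, and the query binds both values through ADODB.Command parameters, so the string needs no quote doubling and is HTML-encoded only when it is written back to the page. The open connection `conn` and the `articles` table with its `id` and `title` columns are assumptions made for the example.

```vbscript
<%
' Added example, not part of the reposted code.
' Assumptions (hypothetical): CheckNum from above is included on this page,
' conn is an already-open ADODB.Connection, and a table
' articles(id INT, title NVARCHAR(50)) exists.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adExecuteNoRecords = 128

Dim id, title, cmd

' Read ?id= from the query string (mode 2) and clamp it to 1..100000.
' Non-numeric input falls back to the start value 1; CLng rounds the
' Double that CheckNum returns to a whole number.
id = CLng(CheckNum("id", 2, 1, 100000))

' Raw form value, trimmed and cut to the column width. No quote doubling and
' no HTML encoding here: the value travels as a bound parameter, not as SQL
' text, so it is stored exactly as the user typed it.
title = Left(Trim("" & Request.Form("title")), 50)

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE articles SET title = ? WHERE id = ?"
' Parameters bind to the ? markers in the order they are appended
cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, 50, title)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing

' Encode at output time, where the value is placed into HTML
Response.Write Server.HTMLEncode(title)
%>
```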