文字符號過濾防止從外部提交表單
當前位置:點晴教程→知識管理交流
→『 技術文檔交流 』
過濾一些簡單的特殊符號: Function GetSafeStr(str) GetSafeStr=Replace(Replace(Replace(Replace(Replace(str,"'","‘"),"""","“"),"&",""),"<","<"),">",">") End Function function getip() Dim strIPAddr If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" or InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then strIPAddr = Request.ServerVariables("REMOTE_ADDR") ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1) ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1) Else strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR") End If getIP = Trim(Mid(strIPAddr, 1, 30)) end function '=============================================================== '函數名:RemoveHTML '作 用:清除HTML標簽 '參 數:strHTML 內容 '返回值:過濾HTML標簽后的內容 '=============================================================== function RemoveHTML(strHTML) Dim objRegExp, Match, Matches Set objRegExp = New Regexp objRegExp.IgnoreCase = True objRegExp.Global = True '取閉合的<> objRegExp.Pattern = "<.+?>" '進行匹配 Set Matches = objRegExp.Execute(strHTML) '遍歷匹配集合,并替換掉匹配的項目 For Each Match in Matches strHtml=Replace(strHTML,Match.Value,"") Next RemoveHTML=strHTML Set objRegExp = Nothing End function Function IIF(Expression,ReturnTrue,ReturnFalse) If Expression Then IIF = ReturnTrue Else IIF = ReturnFalse End If End Function '函數:全功能安全過濾函數 '參數:請求方式,過濾類型,請求名,值類型,默認值 Function SafeRequest(Requester,FilterType,RequestName,RequestType,DefaultValue) Dim tmpValue Select Case Requester Case 0 : tmpValue = RequestName Case 1 : tmpValue = Request(RequestName) Case 2 : tmpValue = Request.Form(RequestName) Case 3 : tmpValue = Request.QueryString(RequestName) Case 4 : tmpValue = Request.Cookies(RequestName) End Select Select Case RequestType Case 0 If Not IsNumeric(tmpValue) or Len(tmpValue) <=0 Then tmpValue = CLng(DefaultValue) Else tmpValue = CLng(tmpValue) End If Case 1 If tmpValue="" or IsNull(tmpValue) Then tmpValue=DefaultValue Select Case FilterType Case 0 : tmpValue = tmpValue Case 1 : tmpValue = SafeSql(tmpValue) Case 2 : tmpValue = FilterHtml(tmpValue) End Select Case 2 If Not IsDate(tmpValue) or Len(tmpValue) <=0 Then tmpValue = CDate(DefaultValue) Else tmpValue = CDate(tmpValue) End If End Select SafeRequest = tmpValue End Function '函數:危險Sql過濾 '參數:Sql '返回:過濾結果 Function SafeSql(str) SafeSql = Replace(str, "'", "'") End Function '函數:過濾Html標簽 '參數:字符串 '返回:過濾后的字符串 Function FilterHtml(str) If IsNull(str) or str="" Then FilterHtml="" : Exit Function Dim r Set r = New RegExp r.IgnoreCase = True r.Global = True r.MultiLine = True r.Pattern = " <.+?>" FilterHtml = r.Replace(str,"") Set r = Nothing End Function function IsNumericStr(str) IsNumericStr = true str=LCase(str) strSource ="0123456789" for i=1 to len(str) if InStr(strSource,mid(str,i,1)) <=0 then IsNumericStr = false exit for end if next end function Rem 判斷發言是否來自外部 'ChkPost=false 來自外部提交(非法) 'ChkPost=true 合法提交表單 '************************************************************************************************* function ChkPost() dim server_v1,server_v2 chkpost=false server_v1=LCase(Cstr(Request.ServerVariables("HTTP_REFERER"))) server_v2=LCase(Cstr(Request.ServerVariables("SERVER_NAME"))) if mid(server_v1,8,len(server_v2)) <>server_v2 then chkpost=false else chkpost=true end if end function <% Function GoRed(Str,keyword) '*************************************** 'GoRed函數 Str,搜索出來的內容,keyword 要替換的關鍵字 '*************************************** Dim RegObj Set RegObj= New RegExp '定義新的正則表達式 With RegObj .Global = True .IgnoreCase = True .Pattern="([.\n]*)("&Keyword&")([.\n]*)" GoRed=.Replace(Str,"$1 <font color='red'>$2 </font>$3") End With Set RegObj=Nothing End Function str="Fditffdsdads" response.write str&"<br>" response.write GoRed(str,"f") %> 輸出的結果是:F dit f f dsdads <% '此文件可以對整站提交文字進行過濾 '編寫者:逸風 '編寫日期:2008-6-4 '函數說明:對非法字符進行過濾 '這個函數將過濾所有非中文字符 function ClearString(str) dim re,str1,str2,i set re = new regexp re.Pattern = "^[\u4e00-\u9fa5\s\n\r\t]+$" for i=1 to len(str) str1 = mid(str,i,1) clearString = re.Test(str1) if clearString=true then str2 = str2&str1 end if next str=str2 ClearString = str end function function KillKey(str) KillKey=str end function '編寫者:逸風 '編寫日期:2008-6-4 '函數說明:對非法字符進行過濾 '這個函數將過濾所有非中文字符 function SearchKey(str) Key="這里是非法字符 嘎嘎`~~CSDN也屏蔽的" KeyArray=split(Key,",") K=ubound(KeyArray) str2=ClearString(str) for i=0 to K if Instr(str2,KeyArray(i)) then response.Write("<font color=red>您所提交的信息中包含非法字符,請您返回后仔細檢查所填寫的內容然后再次提交您的信息!</font><a href='javascript:history.go(-1);'>返回</a><br/><font color=#0000FF>感謝您的支持!</font><br/>非法字符:" & KeyArray(i)) response.End() end if next SearchKey=str end function function urldecode(encodestr) 'encodestr就是要解碼的字符串 Dim newstr,havechar,lastchar,i,char_c,next_1_c,next_1_Num newstr="" havechar=false lastchar="" for i=1 to len(encodestr) char_c=mid(encodestr,i,1) if char_c="+" then newstr=newstr & " " elseif char_c="%" then next_1_c=mid(encodestr,i+1,2) next_1_num=cint("&H" & next_1_c) if havechar then havechar=false newstr=newstr & chr(cint("&H" & lastchar & next_1_c)) else if abs(next_1_num)<=127 then newstr=newstr & chr(next_1_num) else havechar=true lastchar=next_1_c end if end if i=i+2 else newstr=newstr & char_c end if next urldecode=newstr end function TempStr1=urldecode(request.QueryString)
TempStr2=urldecode(request.Form) '查詢提交的信息 如有非法字符 直接終止程序運行 SearchKey(TempStr1) SearchKey(TempStr2) %> 該文章在 2011/11/20 1:32:45 編輯過 |
關鍵字查詢
相關文章
|
400 186 1886
