防SQL数字注入函数
http://blog.csdn.net/cncco/archive/2007/10/03/1810540.aspx
防SQL注入函数
程序代码:
函数部分========================================================================
'------------------------------------------------
'用途:检查是否为数字,以及数字是否超出范围
'输入:检查字符,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Reqeust),开始数字(默认数字),结束数字(为-1则不检查大小)
Function CheckNum(str_str,int_quest,int_startnum,int_endnum)
mystr=Trim(str_str)
Select Case int_quest
Case 1
istr=Request.Form(mystr)
Case 2
istr=Request.QueryString(mystr)
Case 3
istr=Request.Cookies(mystr)
Case 4
istr=Request(mystr)
Case Else
istr=mystr
End Select
istr=Left(istr,32)
If IsNumeric(istr) Then
iNum=CDbl(istr)
Else
iNum=int_startnum
End If
If int_endnum>-1Then
If iNum If iNum>int_endnum Then iNum=int_endnum
End If
CheckNum=iNum
End Function
'------------------------------------------------
'用途:检查过滤字符串
'输入:字符串,传值方式(0直接传,1取Form,2取QueryString,3取cookies,4直接Reqeust),检查方式(1不过滤html,2纯html,3标题过滤,4其他html过滤,),字符段截取长度
Function CheckStr(str_str,int_quest,int_type,int_strlen)
mystr=str_str
Select Case int_quest
Case 1
istr=Request.Form(mystr)
Case 2
istr=Request.QueryString(mystr)
Case 3
istr=Request.Cookies(mystr)
Case 4
istr=Request(mystr)
Case Else
istr=mystr
End Select
istr=""&Trim(istr)
istr=Replace(istr,"'","''")
Select Case int_type
Case 1
istr=Replace(istr,CHR(32)," ")
istr=Replace(istr,CHR(9)," ")
istr=Replace(istr,CHR(10) & CHR(10),"
")
istr=Replace(istr,CHR(10),"
")
istr=Replace(istr,CHR(13),"")
Case 2
istr=istr
Case 3
istr=Replace(istr,CHR(32)," ")
istr=Replace(istr,CHR(9)," ")
istr=Replace(istr,CHR(13), "")
istr=Replace(istr,"<","<")
istr=Replace(istr,">",">")
istr=Replace(istr,CHR(34),""")
istr=Replace(istr," "," ")
istr=Replace(istr,CHR(39), "'")
Case Else
istr=Replace(istr,CHR(32)," ")
istr=Replace(is
