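3 handy ASP validation functions
Author: AloneSword Source: csdn Date: 2007-09-24 13:25:00
These are fairly simple, so I won't say much about them. They should be clear at a glance!
1. SQL injection prevention function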
    Function ChkStr(InString)
        ' Blacklist filter: lower-cases the input, then deletes characters and
        ' keywords that commonly appear in SQL injection strings.
        ' The keyword removals also alter ordinary text containing these letter sequences.
        If InString <> "" Then
            InString = LCase(InString)
            InString = Replace(InString, " ", "")
            InString = Replace(InString, ";", "")
            InString = Replace(InString, "'", "")
            InString = Replace(InString, "--", "")
            ' "%20" must be removed before "%"; in the other order it could never match
            InString = Replace(InString, "%20", "")
            InString = Replace(InString, "%", "")
            InString = Replace(InString, "admin", "")
            InString = Replace(InString, "and", "")
            InString = Replace(InString, "or", "")
            InString = Replace(InString, "asc", "")
            InString = Replace(InString, "chr", "")
            InString = Replace(InString, "mid", "")
            InString = Replace(InString, "len", "")
            InString = Replace(InString, "select", "")
            InString = Replace(InString, "insert", "")
            InString = Replace(InString, "delete", "")
            InString = Replace(InString, "update", "")
            ChkStr = InString
        End If
    End Function
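2. Check whether a file is allowed; the permitted file types are defined in AccessExt="gif,jpg,jpeg,bmp,doc,txt,png"
    Function CheckFileExt(FileExt)
        Dim FileAccessExt, AccessExt, i
        AccessExt = "gif,jpg,jpeg,bmp,doc,txt,png"
        FileAccessExt = Split(AccessExt, ",")
        ' Default to "not allowed"; only an exact match against the list sets True
        CheckFileExt = False
        For i = LBound(FileAccessExt) To UBound(FileAccessExt)
            If LCase(FileExt) = LCase(FileAccessExt(i)) Then
                CheckFileExt = True
                ' Stop at the first match so later entries cannot overwrite the result
                Exit For
            End If
        Next
    End Function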
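3. Check whether a string is numeric
    Function CheckStr(str, IsStr)
        ' IsStr = True: treat str as a string and reject it if it contains ","
        ' IsStr = False: treat str as a number and reject it if it is not numeric
        CheckStr = str
        If IsStr And InStr(str, ",") > 0 Then
            Call errmsg("提交字符中包含非法字符")   ' "Submitted string contains illegal characters"
        ElseIf (Not IsStr) And (Not IsNumeric(str)) Then
            Call errmsg("提交不是数字型")   ' "Submitted value is not numeric"
        End If
    End Function
    Sub errmsg(str)
        If Not IsNull(str) Then
            Response.Write str & "<br>"
            Call ASCpy()   ' ASCpy is not defined in this article
            Response.End   ' Very important: stop executing the program.
        End If
    End Sub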
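Summary:
The thing most worth learning here is the sensible use of Response.End(), which is very good. As soon as an error occurs, the program is terminated immediately, so the code that follows never gets a chance to run and the data stays safe.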
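ChkStr in section 1 protects the query by deleting substrings from the data itself (the name "Orlando" comes back as "lo"). The same goal can be reached without altering the value by binding it as a typed query parameter, combined with the numeric check from section 3 and the early Response.End from the summary. This is an added example, not code from the original article; the articles table and its columns, the form fields author and minid, the helpers IsPlainInt and FindArticles, and the Application("ConnStr") connection string are assumptions made for illustration.

```vbscript
<%
Option Explicit
' ADO constants (values as in adovbs.inc), declared inline so the page is self-contained.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' Strict integer check: 1 to 9 digits only, so CLng cannot overflow and
' forms that IsNumeric accepts (such as "1e3" or "&H1F") are rejected.
Function IsPlainInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsPlainInt = re.Test(CStr(s))
End Function

' conn is an open ADODB.Connection; authorName and minId are raw request values.
Function FindArticles(conn, authorName, minId)
    Dim cmd
    If Not IsPlainInt(minId) Then
        Response.Write "Submitted value is not numeric<br>"
        Response.End   ' stop immediately, as the article recommends
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders keep the SQL text constant; the values travel separately
    ' as typed parameters and are never parsed as SQL.
    cmd.CommandText = "SELECT id, title FROM articles WHERE author = ? AND id >= ?"
    ' Left(...) keeps the value within the declared parameter size of 50 characters.
    cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, 50, Left(authorName, 50))
    cmd.Parameters.Append cmd.CreateParameter("minId", adInteger, adParamInput, , CLng(minId))
    Set FindArticles = cmd.Execute
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' hypothetical: connection string kept in Application state
Set rs = FindArticles(conn, Trim(Request.Form("author")), Trim(Request.Form("minid")))
Do Until rs.EOF
    ' Encode on output so stored text cannot inject markup into the page
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```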