
ASP过滤SQL非法字符并格式化html代码

作者:guanchaofeng 来源:不详 发布时间: 2009-09-30 08:51 点击:

ASP过滤SQL非法字符并格式化html代码

  <%
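  ' changechr: turn user-submitted text into a display HTML fragment.
  '   str - raw text as submitted by a visitor (untrusted). Null passes through as Null.
  ' Returns the text with markup characters escaped, CR -> <br>, space -> &nbsp;,
  ' and a small set of [tag]...[/tag] codes expanded to HTML.
  '
  ' Security: [sayyes]...[/sayyes] emits an <img> whose src is the user text.
  ' The original wrote an UNQUOTED src attribute, so a value such as
  ' "x<TAB>onerror=..." (tab and LF are not escaped) left the attribute and
  ' injected an event handler. The attribute is now double-quoted and every
  ' double quote in the text is encoded first, so the user text can only ever
  ' be the attribute's value. The URL scheme is still not validated here;
  ' callers that store these fragments should reject non-http(s) values.
  ' The scraped original showed an empty search string for the &nbsp; step
  ' (Replace with an empty pattern is a no-op); a single space is the evident intent.
  Function changechr(str)
      Dim html
      ' Escape markup first, before any tag code introduces HTML of its own.
      html = Replace(str, "<", "&lt;")
      html = Replace(html, ">", "&gt;")
      html = Replace(html, """", "&quot;")
      html = Replace(html, Chr(13), "<br>")
      html = Replace(html, " ", "&nbsp;")
      ' Tag codes -> HTML. Opening and closing codes are handled together.
      html = Replace(html, "[sayyes]", "<div align=center><img src=""")
      html = Replace(html, "[/sayyes]", """></img></div>")
      html = Replace(html, "[b]", "<b>")
      html = Replace(html, "[/b]", "</b>")
      html = Replace(html, "[red]", "<font color=CC0000>")
      html = Replace(html, "[/red]", "</font>")
      html = Replace(html, "[big]", "<font size=7>")
      html = Replace(html, "[/big]", "</font>")
      changechr = html
  End Function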
  
  '过滤SQL非法字符并格式化html代码
  ' Replace_Text: legacy "sanitiser" applied to free text before it is
  ' concatenated into SQL and later echoed as HTML.
  '   fString - raw input; Null yields "".
  ' Returns the trimmed text with ' doubled, "--" softened, then HTML-encoded.
  '
  ' NOTE(review): this is a blacklist, not a substitute for parameterised
  ' queries (ADODB.Command with Parameters). Doubling the apostrophe only helps
  ' when the value lands inside a quoted SQL string literal; a numeric
  ' context (WHERE id=...) gets no protection at all. Server.HTMLEncode does
  ' not encode the apostrophe, so the doubled quotes are what gets stored.
  ' NOTE(review): the ";" -> ";" step is a no-op as scraped; the intent was
  ' presumably a full-width substitute that was lost in re-encoding - confirm
  ' against the original file.
  Function Replace_Text(fString)
      If IsNull(fString) Then
          Replace_Text = ""
          Exit Function
      End If
      Dim cleaned
      cleaned = Trim(fString)
      cleaned = Replace(cleaned, "'", "''")
      cleaned = Replace(cleaned, ";", ";")
      cleaned = Replace(cleaned, "--", "—")
      Replace_Text = Server.HTMLEncode(cleaned)
  End Function
  
  '会员发布的各种信息过滤
  'FunctionReplace_Text(fString)
  'IfNotIsNull(fString)Then
  'fString=trim(fString)
  'fString=replace(fString,";",";")'分号过滤
  'fString=replace(fString,"--","——")'--过滤
  'fString=replace(fString,"%20","")'特殊字符过滤
  'fString=replace(fString,"==","")'==过滤
  'fString=replace(fString,">","&gt;")
  'fString=replace(fString,"<","&lt;")
  'fString=Replace(fString,CHR(32),"")'&nbsp;
  'fString=Replace(fString,CHR(9),"")'&nbsp;
  'fString=Replace(fString,CHR(34),"&quot;")
  'fString=Replace(fString,CHR(39),"&#39;")'单引号过滤
  'fString=Replace(fString,CHR(13),"")
  'fString=Replace(fString,CHR(10)&CHR(10),"</P><P>")
  'fString=Replace(fString,CHR(10),"<BR>")
  'Replace_Text=fString
  'EndIf
  'EndFunction
  
  '过滤SQL非法字符
  ' checkStr: strip the three tokens the author associated with SQL injection.
  '   Chkstr - any value; Null yields "".
  ' Returns Chkstr with every "'", ";" and "--" removed, in that order.
  '
  ' NOTE(review): removing characters does not make a value safe to
  ' concatenate into SQL (numeric contexts, comment forms other than "--",
  ' and any value that was stored earlier are untouched) and it does nothing
  ' for HTML output. It is applied below to SERVER_NAME, HTTP_REFERER and the
  ' query string, all of which are request-controlled; treat the result as
  ' still untrusted and encode at the point of use.
  Function checkStr(Chkstr)
      If IsNull(Chkstr) Then
          checkStr = ""
      Else
          checkStr = Replace(Replace(Replace(Chkstr, "'", ""), ";", ""), "--", "")
      End If
  End Function
  
  '检测传递的参数是否为数字型
  ' Chkrequest: is a request parameter present and numeric?
  '   Para - the raw parameter value (may be Null or blank).
  ' Returns True only when Para is not Null, not blank after Trim, and IsNumeric.
  '
  ' NOTE(review): IsNumeric is broader than "an integer id": it also accepts
  ' signs, decimals, exponent notation, &H/&O prefixes and locale currency or
  ' grouping symbols. None of those are injection vectors on their own, but
  ' for an id that is spliced into SQL a digit-only check (or CLng inside an
  ' error-handled block) is the tighter contract.
  Function Chkrequest(Para)
      Chkrequest = False
      If IsNull(Para) Then Exit Function
      If Trim(Para) = "" Then Exit Function
      Chkrequest = IsNumeric(Para)
  End Function
  
  '检测传递的参数是否为日期型
  ' Chkrequestdate: is a request parameter present and parseable as a date?
  '   Para - the raw parameter value (may be Null or blank).
  ' Returns True only when Para is not Null, not blank after Trim, and IsDate.
  '
  ' NOTE(review): IsDate follows the server's regional settings, so the
  ' accepted formats (and the meaning of 01/02/2009) depend on the host; pin
  ' the format on the client side or parse explicitly if that matters.
  Function Chkrequestdate(Para)
      Chkrequestdate = False
      If IsNull(Para) Then Exit Function
      If Trim(Para) = "" Then Exit Function
      Chkrequestdate = IsDate(Para)
  End Function
  
  '得到当前页面的地址
  ' GetUrl: rebuild the absolute URL of the current request.
  ' Returns scheme://host[:port]path[?query], where every host/port/path/query
  ' piece has been passed through CheckStr.
  '
  ' NOTE(review): SERVER_NAME may reflect the client's Host header depending
  ' on the IIS binding, and the query string is entirely client-controlled;
  ' CheckStr only removes ', ; and --. Anything that writes this value into a
  ' page must still HTML-encode it (attribute context) or it becomes a
  ' reflected-XSS sink.
  ' NOTE(review): the port is compared as a string Variant against the number
  ' 80; confirm this evaluates as intended on the target engine - CLng(port)
  ' would be unambiguous. Behaviour is kept as-is here.
  ' On Error Resume Next hides any failure in the ServerVariables lookups.
  Function GetUrl()
      On Error Resume Next
      Dim url, port
      If LCase(Request.ServerVariables("HTTPS")) = "off" Then
          url = "http://"
      Else
          url = "https://"
      End If
      url = url & CheckStr(Request.ServerVariables("SERVER_NAME"))
      port = Request.ServerVariables("SERVER_PORT")
      If port <> 80 Then url = url & ":" & CheckStr(port)
      url = url & CheckStr(Request.ServerVariables("URL"))
      If Trim(Request.QueryString) <> "" Then url = url & "?" & CheckStr(Trim(Request.QueryString))
      GetUrl = url
  End Function
  
  'FunctionCheckReferer()'检查用户是否在浏览器里输入了本页的地址
  'DimsReferer,Icheck
  'CheckReferer=True
  'sReferer=Request.ServerVariables("HTTP_REFERER")
  'ServerIP=Request.ServerVariables("LOCAL_ADDR")
  'Icheck=InStr(sReferer,"ServerIP")
  'IfIcheck=0Then
  'CheckReferer=False
  'EndIf
  'EndFunction
  
  '日期格式化
  ' FormatDate: render a date with zero-padded month and day.
  '   DT - a Date (or anything Year/Month/Day accept).
  '   tp - 1 for "YYYY年MM月DD日", 2 for "YYYY-MM-DD".
  ' Returns the formatted string; any other tp leaves the result Empty.
  Function FormatDate(DT, tp)
      Dim yy, mm, dd
      yy = Year(DT)
      ' Right("0" & n, 2) pads 1..9 to two digits and leaves 10..31 untouched.
      mm = Right("0" & Month(DT), 2)
      dd = Right("0" & Day(DT), 2)
      If tp = 1 Then
          FormatDate = yy & "年" & mm & "月" & dd & "日"
      ElseIf tp = 2 Then
          FormatDate = yy & "-" & mm & "-" & dd
      End If
  End Function
  
  '不允许外部提交数据的选择
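  ' ChkPost: reject form posts whose Referer host is not this server.
  ' Returns True when HTTP_REFERER is an http(s) URL whose host equals
  ' SERVER_NAME (case-insensitive) and is immediately followed by "/", ":",
  ' "?", "#" or the end of the string; False otherwise.
  '
  ' Fixes versus the original:
  '  - it took the host as Mid(referer, 8, ...), i.e. assumed a 7-character
  '    "http://" prefix, so every https:// referer was rejected;
  '  - it was a plain prefix match, so "http://example.com.evil.net/" passed
  '    for SERVER_NAME "example.com"; the host must now end where ours ends;
  '  - an empty SERVER_NAME matched any referer (Mid(...,8,0) = "").
  ' NOTE(review): a Referer check is a weak CSRF control - clients that
  ' suppress the header are rejected, and it offers no protection against
  ' same-site injection. Prefer a per-session synchroniser token.
  Function ChkPost()
      Dim serverName, refHost, nextChar
      ChkPost = False
      serverName = LCase(CStr(CheckStr(Request.ServerVariables("SERVER_NAME"))))
      refHost = LCase(CStr(CheckStr(Request.ServerVariables("HTTP_REFERER"))))
      If serverName = "" Or refHost = "" Then Exit Function
      ' Drop the scheme; anything other than http/https cannot be our page.
      If Left(refHost, 7) = "http://" Then
          refHost = Mid(refHost, 8)
      ElseIf Left(refHost, 8) = "https://" Then
          refHost = Mid(refHost, 9)
      Else
          Exit Function
      End If
      If Left(refHost, Len(serverName)) <> serverName Then Exit Function
      ' The host must terminate here, otherwise "ours.com.attacker.net" matches.
      nextChar = Mid(refHost, Len(serverName) + 1, 1)
      ChkPost = (nextChar = "" Or nextChar = "/" Or nextChar = ":" Or nextChar = "?" Or nextChar = "#")
  End Function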
  
  '构造上传图片文件名随机数
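  ' MakedownName: build a file name stem for an uploaded image.
  ' Returns an 18-digit string: yyyymmddhhnnss followed by a 4-digit random
  ' suffix. Callers append the extension themselves.
  '
  ' Fixes versus the original:
  '  - it derived the timestamp by string-munging Now(), stripping "AM/PM",
  '    "上午/下午" and separators, so the result depended on the server's
  '    regional settings; the date parts are now read directly;
  '  - it never called Randomize, so Rnd produced the same sequence after
  '    every process start, and the suffix range of 1..10 meant two uploads
  '    in the same second collided often;
  '  - the scrape shows Replace(fname, "", "") which is a no-op; the intent
  '    was presumably to remove spaces, which no longer applies.
  ' NOTE(review): Rnd is not a cryptographic generator. The suffix only
  ' reduces collisions; do not rely on upload names being unguessable.
  Function MakedownName()
      Dim t, stamp
      t = Now()
      stamp = Year(t) & Right("0" & Month(t), 2) & Right("0" & Day(t), 2) & _
              Right("0" & Hour(t), 2) & Right("0" & Minute(t), 2) & Right("0" & Second(t), 2)
      Randomize
      MakedownName = stamp & Right("000" & Int(Rnd * 10000), 4)
  End Function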
  
  'Email检测
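  ' IsValidEmail: syntactic sanity check for an e-mail address.
  '   email - the string to check (Null returns False).
  ' Returns True when the address is local@domain with:
  '   - exactly one "@", both sides non-empty;
  '   - only [a-z0-9_-.] on both sides, plus "+" in the local part;
  '   - no part starting or ending with ".", no ".." anywhere;
  '   - a domain containing "." whose last label is at least 2 characters.
  ' This does not prove the address exists or is deliverable.
  '
  ' Fixes versus the original: the last label was required to be exactly 2
  ' or 3 characters, which rejected .info, .museum and every newer TLD; "+"
  ' in the local part (user+tag@) was rejected; Null raised an error in Split.
  ' Because only the listed characters are accepted, a value that passes
  ' contains no CR/LF and is safe to place in a mail header.
  Function IsValidEmail(email)
      Dim parts, part, pos, ch, tldLen
      IsValidEmail = False
      If IsNull(email) Then Exit Function
      parts = Split(email, "@")
      If UBound(parts) <> 1 Then Exit Function
      For Each part In parts
          If Len(part) = 0 Then Exit Function
          For pos = 1 To Len(part)
              ch = LCase(Mid(part, pos, 1))
              If InStr("abcdefghijklmnopqrstuvwxyz0123456789_-.+", ch) = 0 Then Exit Function
          Next
          If Left(part, 1) = "." Or Right(part, 1) = "." Then Exit Function
      Next
      ' Domain side: must be dotted, no "+", last label of at least 2 chars.
      If InStr(parts(1), ".") = 0 Then Exit Function
      If InStr(parts(1), "+") > 0 Then Exit Function
      tldLen = Len(parts(1)) - InStrRev(parts(1), ".")
      If tldLen < 2 Then Exit Function
      If InStr(email, "..") > 0 Then Exit Function
      IsValidEmail = True
  End Function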
  
  'Jmail邮件发送
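  ' SendJmail: send an HTML e-mail through the JMail SMTPMail component.
  '   Email    - recipient address (validate with IsValidEmail first).
  '   Topic    - subject line.
  '   MailBody - HTML body.
  ' Returns 1 when JMail.Execute reported success, 0 on any failure
  ' (including the component not being installed).
  '
  ' Fixes versus the original:
  '  - the scrape reads "JMail.AddRecipientEmail", i.e. the recipient argument
  '    had fused into the method name; it is "AddRecipient Email";
  '  - with On Error Resume Next in force, a failed CreateObject or Execute
  '    used to fall through the If/Else and could still return 1; Err.Number
  '    is now checked and the function returns 0 on any error;
  '  - CR/LF are stripped from the recipient and subject so a crafted value
  '    cannot append extra headers (Bcc:, further recipients) in case the
  '    component passes them through as-is.
  ' NOTE(review): GBL_IPAddress is an undeclared global (presumably the
  ' client's IP); with error suppression a missing value sends an empty
  ' header. Emitting the visitor's IP to the recipient is also a privacy
  ' choice worth confirming. The sender addresses are hard-coded.
  Function SendJmail(Email, Topic, MailBody)
      Dim JMail, subject, recipient
      SendJmail = 0
      On Error Resume Next
      Set JMail = Server.CreateObject("JMail.SMTPMail")
      If Err.Number <> 0 Then
          Err.Clear
          Exit Function
      End If
      subject = Replace(Replace(CStr(Topic), vbCr, ""), vbLf, "")
      recipient = Replace(Replace(CStr(Email), vbCr, ""), vbLf, "")
      JMail.LazySend = True
      JMail.silent = True
      JMail.Charset = "gb2312"
      JMail.ContentType = "text/html"
      JMail.Sender = "wemaster@alibaba.info"      ' the site's own mailbox
      JMail.ReplyTo = "wemaster@alibaba.info"     ' the site's own mailbox
      JMail.SenderName = "阿里爸爸邮件发送"
      JMail.Subject = subject
      JMail.SimpleLayout = True
      JMail.Body = MailBody
      JMail.Priority = 3
      JMail.AddRecipient recipient
      JMail.AddHeader "Originating-IP", GBL_IPAddress
      If JMail.Execute() = False Then
          SendJmail = 0
      Else
          SendJmail = 1
      End If
      ' Any error raised above was swallowed by Resume Next; report failure.
      If Err.Number <> 0 Then
          SendJmail = 0
          Err.Clear
      End If
      JMail.Close
      Set JMail = Nothing
  End Function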
  
  '分页
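  ' listPages: write a 10-page-window pager (with brackets/arrows) and a
  ' "jump to page" select for the current recordset.
  '   LinkFile - URL of the listing page; "?page=N" or "&page=N" is appended
  '              depending on whether it already carries a query string.
  ' Reads the page-level globals rs, currentpage, n, msg_per_page, totalrec and
  ' assigns gopage, totalpage, blockPage, i, strTemp, lenstrTemp, Startinfo,
  ' Endinfo (left undeclared here so their page-level scope is unchanged).
  ' Writes directly to Response; returns nothing.
  '
  ' Fixes versus the original:
  '  - LinkFile was written into unquoted href attributes and a single-quoted
  '    option value without encoding; when it is built from GetUrl() it
  '    carries the query string, so " or whitespace in the URL could inject
  '    attributes. It is now Server.HTMLEncode'd and every attribute quoted.
  '    "&page=" is written as "&amp;page=", which browsers decode identically;
  '  - the two branches differed only in "?" vs "&", so they are folded into
  '    one rendering with a separator chosen up front;
  '  - the scrape had lost the spaces inside tags ("<spandisabled>"); restored.
  Function listPages(LinkFile)
      Dim sep, safeLink
      If rs.EOF And rs.BOF Then Exit Function
      gopage = currentpage
      totalpage = n
      blockPage = Int((gopage - 1) / 10) * 10 + 1

      ' Base URL of this request, used only to decide whether LinkFile already
      ' has a "?" right after it (and therefore needs "&" for the page argument).
      If LCase(Request.ServerVariables("HTTPS")) = "off" Then
          strTemp = "http://"
      Else
          strTemp = "https://"
      End If
      strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
      If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
      strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
      lenstrTemp = Len(strTemp) + 1
      If InStr(Left(LinkFile, lenstrTemp), "?") > 0 Then
          sep = "&amp;page="
      Else
          sep = "?page="
      End If
      safeLink = Server.HTMLEncode(LinkFile)

      ' Previous block of 10.
      If blockPage = 1 Then
          Response.Write "<span disabled>【←前10页</span>&nbsp;"
      Else
          Response.Write "<span disabled>【</span><a href=""" & safeLink & sep & (blockPage - 10) & """>←前10页</a>&nbsp;"
      End If
      ' Up to 10 page links, the current one highlighted.
      i = 1
      Do Until i > 10 Or blockPage > n
          If blockPage = Int(gopage) Then
              Response.Write "<font color=#FF0000>[<b>" & blockPage & "</b>]</font>"
          Else
              Response.Write "<a href=""" & safeLink & sep & blockPage & """>[" & blockPage & "]</a>"
          End If
          blockPage = blockPage + 1
          i = i + 1
      Loop
      ' Next block of 10.
      If blockPage > totalpage Then
          Response.Write "&nbsp;<span disabled>后10页→】"
      Else
          Response.Write "&nbsp;<a href=""" & safeLink & sep & blockPage & """>后10页→</a><span disabled>】"
      End If
      ' Jump-to-page select.
      Response.Write "直接到第"
      Response.Write "<select onchange=""if(this.options[this.selectedIndex].value!=''){location=this.options[this.selectedIndex].value;}"">"
      For i = 1 To totalpage
          Response.Write "<option value=""" & safeLink & sep & i & """"
          If i = gopage Then Response.Write " selected"
          Response.Write ">" & i & "</option>"
      Next
      Response.Write "</select>"
      Response.Write "页<Br><Br>"

      ' Summary line: record range shown on this page.
      Startinfo = ((gopage - 1) * msg_per_page) + 1
      Endinfo = gopage * msg_per_page
      If Endinfo > totalrec Then Endinfo = totalrec
      Response.Write "&nbsp;&nbsp;共" & totalrec & "条信息当前显示第" & Startinfo & "-" & Endinfo & "条每页" & msg_per_page & "条信息共" & n & "页"
  End Function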
  
  '分页2
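  ' listPages2: plain variant of listPages (no brackets or arrows around the
  ' page numbers) plus a "jump to page" select.
  '   LinkFile - URL of the listing page; "?page=N" or "&page=N" is appended
  '              depending on whether it already carries a query string.
  ' Reads the page-level globals rs, currentpage, n, msg_per_page, totalrec and
  ' assigns gopage, totalpage, blockPage, i, strTemp, lenstrTemp, Startinfo,
  ' Endinfo (left undeclared here so their page-level scope is unchanged).
  ' Writes directly to Response; returns nothing.
  '
  ' Fixes versus the original:
  '  - LinkFile was written into unquoted href attributes and a single-quoted
  '    option value without encoding; when it is built from GetUrl() it
  '    carries the query string, so " or whitespace in the URL could inject
  '    attributes. It is now Server.HTMLEncode'd and every attribute quoted.
  '    "&page=" is written as "&amp;page=", which browsers decode identically;
  '  - the original's "?" branch still rendered the bracketed listPages style
  '    while its "&" branch rendered the plain style - a copy-paste leftover.
  '    Both now render the plain style that distinguishes this function;
  '  - the scrape had lost the spaces inside tags ("<spandisabled>"); restored.
  Function listPages2(LinkFile)
      Dim sep, safeLink
      If rs.EOF And rs.BOF Then Exit Function
      gopage = currentpage
      totalpage = n
      blockPage = Int((gopage - 1) / 10) * 10 + 1

      ' Base URL of this request, used only to decide whether LinkFile already
      ' has a "?" right after it (and therefore needs "&" for the page argument).
      If LCase(Request.ServerVariables("HTTPS")) = "off" Then
          strTemp = "http://"
      Else
          strTemp = "https://"
      End If
      strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
      If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
      strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
      lenstrTemp = Len(strTemp) + 1
      If InStr(Left(LinkFile, lenstrTemp), "?") > 0 Then
          sep = "&amp;page="
      Else
          sep = "?page="
      End If
      safeLink = Server.HTMLEncode(LinkFile)

      ' Previous block of 10.
      If blockPage = 1 Then
          Response.Write "<span disabled>前10页</span>&nbsp;"
      Else
          Response.Write "<a href=""" & safeLink & sep & (blockPage - 10) & """>前10页</a>&nbsp;"
      End If
      ' Up to 10 page links, the current one highlighted.
      i = 1
      Do Until i > 10 Or blockPage > n
          If blockPage = Int(gopage) Then
              Response.Write "<font color=#FF0000><b>" & blockPage & "</b></font>"
          Else
              Response.Write "<a href=""" & safeLink & sep & blockPage & """>" & blockPage & "</a>"
          End If
          blockPage = blockPage + 1
          i = i + 1
      Loop
      ' Next block of 10 (the trailing <span disabled> is unclosed, as before).
      If blockPage > totalpage Then
          Response.Write "&nbsp;<span disabled>后10页"
      Else
          Response.Write "&nbsp;<a href=""" & safeLink & sep & blockPage & """>后10页</a><span disabled>"
      End If
      ' Jump-to-page select.
      Response.Write "直接到第"
      Response.Write "<select onchange=""if(this.options[this.selectedIndex].value!=''){location=this.options[this.selectedIndex].value;}"">"
      For i = 1 To totalpage
          Response.Write "<option value=""" & safeLink & sep & i & """"
          If i = gopage Then Response.Write " selected"
          Response.Write ">" & i & "</option>"
      Next
      Response.Write "</select>"
      Response.Write "页<Br><Br>"

      ' Summary line: record range shown on this page.
      Startinfo = ((gopage - 1) * msg_per_page) + 1
      Endinfo = gopage * msg_per_page
      If Endinfo > totalrec Then Endinfo = totalrec
      Response.Write "&nbsp;&nbsp;共" & totalrec & "条信息当前显示第" & Startinfo & "-" & Endinfo & "条每页" & msg_per_page & "条信息共" & n & "页"
  End Function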
  
  '判断文件类型是否合格
  ' CheckFileExt: is an upload's extension on the image whitelist?
  '   FileExt - extension without the dot, any case.
  ' Returns True for gif, jpg, bmp, jpeg or png; False otherwise (Null gives False).
  '
  ' A whitelist is the right model. To be effective the extension passed in
  ' must be the one of the name actually written to disk, taken after any NUL
  ' byte has been removed (see FixName), and uploads should be stored where
  ' the web server will not execute them.
  Function CheckFileExt(FileExt)
      Dim allowed, ext
      CheckFileExt = False
      ext = LCase(FileExt)
      For Each allowed In Split("gif,jpg,bmp,jpeg,png", ",")
          If ext = LCase(Trim(allowed)) Then
              CheckFileExt = True
              Exit Function
          End If
      Next
  End Function
  '格式后缀
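  ' FixName: neutralise an upload extension by removing server-executable
  ' extension names from it.
  '   UpFileExt - extension as supplied by the client; Empty returns Empty.
  ' Returns the lower-cased extension with NUL bytes and dots removed and the
  ' tokens asp, aspx, asa, cer, cdx, htr deleted until none remain.
  '
  ' Fix versus the original: it ran each Replace exactly once, so "aaspsp"
  ' became "asp" and "aaspxspx" became "aspx" - the classic single-pass
  ' blacklist bypass. The removal now loops to a fixed point.
  ' NOTE(review): this remains a blacklist (php, shtml, etc. are not listed).
  ' Use CheckFileExt's whitelist as the deciding control and treat this as
  ' defence in depth only.
  Function FixName(UpFileExt)
      Dim ext, before, bad, token
      If IsEmpty(UpFileExt) Then Exit Function
      ext = LCase(UpFileExt)
      ext = Replace(ext, Chr(0), "")
      ext = Replace(ext, ".", "")
      bad = Array("aspx", "asp", "asa", "cer", "cdx", "htr")
      ' Repeat until a full pass removes nothing: deleting one token can
      ' expose another (a|asp|sp -> asp).
      Do
          before = ext
          For Each token In bad
              ext = Replace(ext, token, "")
          Next
      Loop Until ext = before
      FixName = ext
  End Function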
  '文件Content-Type判断
  ' CheckFileType: does the declared Content-Type claim an image?
  '   FileType - the Content-Type string from the upload.
  ' Returns True when it starts with "image/" (case-insensitive, trimmed).
  '
  ' NOTE(review): the Content-Type of a multipart part is supplied by the
  ' client and trivially spoofed; this check stops accidents, not attackers.
  ' Verify the file's magic bytes (or decode it as an image) before trusting it.
  Function CheckFileType(FileType)
      CheckFileType = (LCase(Left(CStr(Trim(FileType)), 6)) = "image/")
  End Function
  %>
