ASP过滤SQL非法字符并格式化html代码
<%
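Function changechr(str)
    ' Turns user-entered text into displayable HTML: neutralises angle brackets,
    ' converts carriage returns to <br>, then expands a small set of
    ' bracket tags ([b], [red], [big], [sayyes]) into markup.
    '
    ' str     : text to format; Null yields "".
    ' Returns : the formatted HTML string.
    '
    ' As listed, the first pass replaced "<" with "<", ">" with ">" and an
    ' empty string with a space, i.e. it escaped nothing and raw markup in
    ' str went straight to the page. The entity forms are restored here.
    ' NOTE(review): the space -> &nbsp; mapping is reconstructed from the no-op
    ' Replace in the listing - confirm against the deployed copy.
    ' "&" and the double quote are not escaped by this function.
    If IsNull(str) Then
        changechr = ""
        Exit Function
    End If

    Dim sOut
    ' Escaping must run before the tag expansion below, otherwise the markup
    ' this function emits itself would be escaped as well.
    sOut = Replace(str, "<", "&lt;")
    sOut = Replace(sOut, ">", "&gt;")
    sOut = Replace(sOut, Chr(13), "<br>")
    sOut = Replace(sOut, " ", "&nbsp;")

    ' Opening tags.
    ' NOTE(review): the text between [sayyes] and [/sayyes] lands in an
    ' unquoted src attribute, and neither the tag pairing nor the URL is
    ' validated. Treat [sayyes] as unsafe for untrusted authors until it is
    ' replaced by a match that accepts only a well-formed http(s) image URL.
    sOut = Replace(sOut, "[sayyes]", "<div align=center><img src=")
    sOut = Replace(sOut, "[b]", "<b>")
    sOut = Replace(sOut, "[red]", "<font color=CC0000>")
    sOut = Replace(sOut, "[big]", "<font size=7>")

    ' Closing tags.
    sOut = Replace(sOut, "[/sayyes]", "></img></div>")
    sOut = Replace(sOut, "[/b]", "</b>")
    sOut = Replace(sOut, "[/red]", "</font>")
    sOut = Replace(sOut, "[/big]", "</font>")

    changechr = sOut
End Function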
'过滤SQL非法字符并格式化html代码
Function Replace_Text(fString)
    ' Trims a value, doubles single quotes, rewrites "--" to an em dash and
    ' HTML-encodes the result. Null yields "".
    '
    ' fString : value to clean. It is assigned to inside the function, so a
    '           variable passed by the caller is modified as well (VBScript
    '           passes arguments ByRef unless told otherwise).
    ' Returns : the cleaned, HTML-encoded string.
    '
    ' NOTE(review): the output is neither a safe SQL literal in every context
    ' nor plain display text (quotes stay doubled). Character rewriting is not
    ' a substitute for parameterised queries; encode for HTML at output time.
    If IsNull(fString) Then
        Replace_Text = ""
        Exit Function
    End If

    fString = Trim(fString)
    fString = Replace(fString, "'", "''")
    ' NOTE(review): as listed this replaces ";" with ";" and changes nothing;
    ' the original replacement text was probably lost - confirm.
    fString = Replace(fString, ";", ";")
    fString = Replace(fString, "--", "—")
    fString = Server.HTMLEncode(fString)

    Replace_Text = fString
End Function
'会员发布的各种信息过滤
'FunctionReplace_Text(fString)
'IfNotIsNull(fString)Then
'fString=trim(fString)
'fString=replace(fString,";",";")'分号过滤
'fString=replace(fString,"--","——")'--过滤
'fString=replace(fString,"%20","")'特殊字符过滤
'fString=replace(fString,"==","")'==过滤
'fString=replace(fString,">",">")
'fString=replace(fString,"<","<")
'fString=Replace(fString,CHR(32),"")'
'fString=Replace(fString,CHR(9),"")'
'fString=Replace(fString,CHR(34),""")
'fString=Replace(fString,CHR(39),"'")'单引号过滤
'fString=Replace(fString,CHR(13),"")
'fString=Replace(fString,CHR(10)&CHR(10),"</P><P>")
'fString=Replace(fString,CHR(10),"<BR>")
'Replace_Text=fString
'EndIf
'EndFunction
'过滤SQL非法字符
Function checkStr(Chkstr)
    ' Removes single quotes, semicolons and "--" from a value.
    '
    ' Chkstr  : value to clean (not modified).
    ' Returns : the stripped string, or "" when the value is Null.
    '
    ' NOTE(review): this is a character blacklist. It does not make a value
    ' safe to concatenate into SQL (numeric contexts need no quote at all) and
    ' it does no HTML encoding. Use parameterised commands for queries and
    ' Server.HTMLEncode at the point of output.
    Dim sClean
    sClean = Chkstr            ' plain assignment takes the default value of an object argument

    If IsNull(sClean) Then
        checkStr = ""
        Exit Function
    End If

    sClean = Replace(Replace(Replace(sClean, "'", ""), ";", ""), "--", "")
    checkStr = sClean
End Function
'检测传递的参数是否为数字型
Function Chkrequest(Para)
    ' Reports whether a request parameter is present and numeric.
    '
    ' Para    : value to test.
    ' Returns : True when Para is not Null, not blank after trimming, and
    '           IsNumeric accepts it; False otherwise.
    '
    ' NOTE(review): IsNumeric accepts more than plain digits (signs, decimals,
    ' exponent and hex notation). Convert with CLng/CDbl before using the value
    ' in a query rather than concatenating the original string.
    Chkrequest = False
    If (Not IsNull(Para)) And (Trim(Para) <> "") And IsNumeric(Para) Then
        Chkrequest = True
    End If
End Function
'检测传递的参数是否为日期型
Function Chkrequestdate(Para)
    ' Reports whether a request parameter is present and parses as a date.
    '
    ' Para    : value to test.
    ' Returns : True when Para is not Null, not blank after trimming, and
    '           IsDate accepts it; False otherwise.
    '
    ' NOTE(review): IsDate follows the server locale, so the same string can be
    ' accepted on one host and rejected on another. Convert with CDate and pass
    ' the result as a typed parameter instead of concatenating the raw string.
    Chkrequestdate = False
    If (Not IsNull(Para)) And (Trim(Para) <> "") And IsDate(Para) Then
        Chkrequestdate = True
    End If
End Function
'得到当前页面的地址
Function GetUrl()
    ' Builds the absolute URL of the current request from server variables:
    ' scheme, SERVER_NAME, port (when not 80), script path and query string.
    '
    ' Returns : the URL string. Each part has passed through CheckStr, so
    '           quotes, semicolons and "--" are removed and the result can
    '           differ from the URL that was actually requested.
    '
    ' NOTE(review): the query string is client-controlled and SERVER_NAME may
    ' reflect the request's Host header - confirm for this server. CheckStr
    ' does no HTML encoding, so pass the result through Server.HTMLEncode
    ' before writing it into a page.
    On Error Resume Next
    Dim sUrl

    If LCase(Request.ServerVariables("HTTPS")) = "off" Then
        sUrl = "http://"
    Else
        sUrl = "https://"
    End If

    sUrl = sUrl & CheckStr(Request.ServerVariables("SERVER_NAME"))

    ' Any port other than 80 is appended, including 443 on HTTPS requests.
    If Request.ServerVariables("SERVER_PORT") <> 80 Then
        sUrl = sUrl & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
    End If

    sUrl = sUrl & CheckStr(Request.ServerVariables("URL"))

    If Trim(Request.QueryString) <> "" Then
        sUrl = sUrl & "?" & CheckStr(Trim(Request.QueryString))
    End If

    GetUrl = sUrl
End Function
'FunctionCheckReferer()'检查用户是否在浏览器里输入了本页的地址
'DimsReferer,Icheck
'CheckReferer=True
'sReferer=Request.ServerVariables("HTTP_REFERER")
'ServerIP=Request.ServerVariables("LOCAL_ADDR")
'Icheck=InStr(sReferer,"ServerIP")
'IfIcheck=0Then
'CheckReferer=False
'EndIf
'EndFunction
'日期格式化
Function FormatDate(DT, tp)
    ' Formats the date part of DT with a zero-padded month and day.
    '
    ' DT      : date value to format.
    ' tp      : 1 -> "YYYY年MM月DD日", 2 -> "YYYY-MM-DD".
    ' Returns : the formatted string; for any other tp nothing is assigned
    '           and the function returns Empty.
    Dim nYear, vMonth, vDay

    nYear = Year(DT)
    vMonth = Month(DT)
    vDay = Day(DT)

    ' Pad single-digit values to two characters.
    If vMonth < 10 Then
        vMonth = "0" & vMonth
    End If
    If vDay < 10 Then
        vDay = "0" & vDay
    End If

    Select Case tp
        Case 1
            FormatDate = nYear & "年" & vMonth & "月" & vDay & "日"
        Case 2
            FormatDate = nYear & "-" & vMonth & "-" & vDay
    End Select
End Function
'不允许外部提交数据的选择
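Function ChkPost()
    ' Reports whether the request's Referer header names this server, as a
    ' coarse filter against forms submitted from other sites.
    '
    ' Returns : True when the host part of HTTP_REFERER equals SERVER_NAME
    '           (case-insensitive); False otherwise, including when the
    '           header is missing or is not an http/https URL.
    '
    ' Changes from the listed version:
    '   - the host was read from a fixed offset of 8, which only fits
    '     "http://"; an "https://" referer never matched;
    '   - only the first Len(SERVER_NAME) characters were compared, so a
    '     referer host that merely began with the server name was accepted;
    '     the complete host is now compared.
    '
    ' NOTE(review): Referer is supplied by the client and is often absent.
    ' Keep this as a secondary check and protect state-changing forms with a
    ' per-session token. IPv6 literal hosts are not handled and are rejected.
    Dim sReferer, sServer, sHost, vDelim, iPos

    ChkPost = False
    sServer = LCase(Trim(CStr(Request.ServerVariables("SERVER_NAME"))))
    sReferer = LCase(Trim(CStr(Request.ServerVariables("HTTP_REFERER"))))
    If sServer = "" Or sReferer = "" Then Exit Function

    ' Drop the scheme; anything other than http/https is rejected.
    If Left(sReferer, 7) = "http://" Then
        sHost = Mid(sReferer, 8)
    ElseIf Left(sReferer, 8) = "https://" Then
        sHost = Mid(sReferer, 9)
    Else
        Exit Function
    End If

    ' Keep only the authority part: cut at the first path, query or fragment mark.
    For Each vDelim In Array("/", "?", "#")
        iPos = InStr(sHost, vDelim)
        If iPos > 0 Then sHost = Left(sHost, iPos - 1)
    Next

    ' A user-info part ("name@host") is never expected in a Referer; reject it.
    If InStr(sHost, "@") > 0 Then Exit Function

    ' Drop an explicit port.
    iPos = InStr(sHost, ":")
    If iPos > 0 Then sHost = Left(sHost, iPos - 1)

    ChkPost = (sHost = sServer)
End Function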
'构造上传图片文件名随机数
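Function MakedownName()
    ' Builds a numeric base name for an uploaded file from the current time
    ' (yyyymmddhhnnss) plus a random offset from 1 to 10.
    '
    ' Returns : a number, as before.
    '
    ' Changes from the listed version:
    '   - the name was derived from the text of Now() by deleting "-", ":",
    '     AM/PM markers and (as listed) an empty string; the result depended
    '     on the server's date format and Int() failed whenever a separator
    '     survived. The stamp is now assembled from the date parts directly;
    '   - Rnd was never seeded; Randomize is called first.
    '
    ' NOTE(review): the name is predictable and two uploads close together can
    ' collide. The caller should check that the target does not exist and
    ' should not rely on the name being secret.
    Dim dtNow, sStamp

    dtNow = Now()
    sStamp = Year(dtNow) & _
             Right("0" & Month(dtNow), 2) & _
             Right("0" & Day(dtNow), 2) & _
             Right("0" & Hour(dtNow), 2) & _
             Right("0" & Minute(dtNow), 2) & _
             Right("0" & Second(dtNow), 2)

    Randomize
    ' CDbl: the 14-digit stamp does not fit in a Long.
    MakedownName = CDbl(sStamp) + Int((10 - 1 + 1) * Rnd + 1)
End Function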
'Email检测
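Function IsValidEmail(email)
    ' Checks an address against a deliberately narrow pattern: exactly one
    ' "@", both sides made only of letters, digits, "_", "-" and ".", no
    ' leading or trailing dot on either side, no "..", and a domain whose
    ' last label is 2 to 63 characters long.
    '
    ' email   : address to test; Null or Empty is rejected.
    ' Returns : True when the address passes every check, otherwise False.
    '
    ' Changes from the listed version:
    '   - the last domain label had to be exactly 2 or 3 characters, which
    '     rejects longer top-level domains such as the ".info" of the sender
    '     address used by SendJmail in this file;
    '   - Null/Empty input is rejected instead of reaching Split;
    '   - digits are matched explicitly instead of through IsNumeric.
    ' The character whitelist also keeps CR/LF out of anything that is later
    ' used as a mail header.
    Dim names, name, i, c, tldLen

    IsValidEmail = False
    If IsNull(email) Or IsEmpty(email) Then Exit Function

    names = Split(email, "@")
    If UBound(names) <> 1 Then Exit Function        ' exactly one "@"

    For Each name In names
        If Len(name) <= 0 Then Exit Function
        For i = 1 To Len(name)
            c = LCase(Mid(name, i, 1))
            If InStr("abcdefghijklmnopqrstuvwxyz0123456789_-.", c) <= 0 Then Exit Function
        Next
        If Left(name, 1) = "." Or Right(name, 1) = "." Then Exit Function
    Next

    If InStr(names(1), ".") <= 0 Then Exit Function ' domain needs at least one dot

    tldLen = Len(names(1)) - InStrRev(names(1), ".")
    If tldLen < 2 Or tldLen > 63 Then Exit Function

    If InStr(email, "..") > 0 Then Exit Function

    IsValidEmail = True
End Function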
'Jmail邮件发送
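Function SendJmail(Email, Topic, MailBody)
    ' Sends one HTML mail through the JMail.SMTPMail component.
    '
    ' Email    : recipient address.
    ' Topic    : subject line.
    ' MailBody : message body, sent as text/html; the caller is responsible
    '            for HTML-encoding any user-supplied text it contains.
    ' Returns  : 1 when JMail.Execute reports success, otherwise 0.
    '
    ' Changes from the listed version:
    '   - a recipient containing CR or LF is refused and line breaks in the
    '     subject are replaced by spaces, so neither value can add extra
    '     header lines;
    '   - a failed CreateObject now returns 0 at once instead of running the
    '     remaining statements against a missing object.
    ' GBL_IPAddress is read from outside this function.
    Dim JMail, sTo, sSubject

    SendJmail = 0

    sTo = Trim("" & Email)
    If sTo = "" Then Exit Function
    If InStr(sTo, vbCr) > 0 Or InStr(sTo, vbLf) > 0 Then Exit Function
    sSubject = Replace(Replace("" & Topic, vbCr, " "), vbLf, " ")

    On Error Resume Next
    Set JMail = Server.CreateObject("JMail.SMTPMail")
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If

    JMail.LazySend = True
    JMail.Silent = True
    JMail.Charset = "gb2312"
    JMail.ContentType = "text/html"
    JMail.Sender = "wemaster@alibaba.info"      ' the site's own mailbox
    JMail.ReplyTo = "wemaster@alibaba.info"     ' the site's own mailbox
    JMail.SenderName = "阿里爸爸邮件发送"
    JMail.Subject = sSubject
    JMail.SimpleLayout = True
    JMail.Body = MailBody
    JMail.Priority = 3
    JMail.AddRecipient sTo
    JMail.AddHeader "Originating-IP", GBL_IPAddress

    ' Keep the "= False" form: under On Error Resume Next an error raised while
    ' evaluating the condition resumes inside the Then branch, which must be
    ' the failure branch.
    If JMail.Execute() = False Then
        SendJmail = 0
    Else
        SendJmail = 1
    End If

    JMail.Close
    Set JMail = Nothing
End Function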
'分页
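Function listPages(LinkFile)
    ' Writes a pager to the response: a block of up to ten page links, links
    ' to the previous/next block, a jump-to-page drop-down and a summary line.
    '
    ' LinkFile : raw (not HTML-encoded) URL of the list page. "page=N" is
    '            appended with "&" when a "?" is found within the first
    '            Len(current script URL) + 1 characters, otherwise with "?".
    ' Reads rs, currentpage, n, msg_per_page and totalrec from outside the
    ' function; nothing is written when rs is empty. No return value.
    '
    ' Changes from the listed version:
    '   - LinkFile was written into href/value attributes unencoded and
    '     unquoted. It is usually built from the request URL, so it is now
    '     passed through Server.HTMLEncode and placed in double-quoted
    '     attributes;
    '   - the two branches differed only in the "&"/"?" separator and are
    '     merged;
    '   - tag and attribute names that had run together in the listing
    '     ("<ahref", "<spandisabled", "<optionvalue") are separated again.
    ' The working variables of the original are still not declared here, so
    ' whatever scope they had on the calling page is unchanged.
    Dim lp_sep, lp_href

    If Not (rs.EOF And rs.BOF) Then
        gopage = currentpage
        totalpage = n
        blockPage = Int((gopage - 1) / 10) * 10 + 1     ' first page of the current block of ten

        ' Length of the current script's absolute URL, used to decide whether
        ' LinkFile already carries a query string.
        If LCase(Request.ServerVariables("HTTPS")) = "off" Then
            strTemp = "http://"
        Else
            strTemp = "https://"
        End If
        strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
        If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
        strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
        lenstrTemp = Len(strTemp) + 1

        If InStr(Left(LinkFile, lenstrTemp), "?") > 0 Then
            lp_sep = "&"
        Else
            lp_sep = "?"
        End If
        ' Encoded once; every link below is this prefix plus a page number.
        lp_href = Server.HTMLEncode(LinkFile & lp_sep & "page=")

        ' Previous block.
        If blockPage = 1 Then
            Response.Write "<span disabled>【←前10页</span> "
        Else
            Response.Write "<span disabled>【</span><a href=""" & lp_href & (blockPage - 10) & """>←前10页</a> "
        End If

        ' Up to ten page links; the current page is shown highlighted, not linked.
        i = 1
        Do Until i > 10 Or blockPage > n
            If blockPage = Int(gopage) Then
                Response.Write "<font color=#FF0000>[<b>" & blockPage & "</b>]</font>"
            Else
                Response.Write "<a href=""" & lp_href & blockPage & """>[" & blockPage & "]</a>"
            End If
            blockPage = blockPage + 1
            i = i + 1
        Loop

        ' Next block.
        If blockPage > totalpage Then
            Response.Write " <span disabled>后10页→】"
        Else
            Response.Write " <a href=""" & lp_href & blockPage & """>后10页→</a><span disabled>】"
        End If

        ' Jump-to-page drop-down.
        Response.Write "直接到第"
        Response.Write "<select onchange=""if(this.options[this.selectedIndex].value!=''){location=this.options[this.selectedIndex].value;}"">"
        For i = 1 To totalpage
            Response.Write "<option value=""" & lp_href & i & """"
            If i = gopage Then Response.Write " selected"
            Response.Write ">" & i & "</option>"
        Next
        Response.Write "</select>"
        Response.Write "页<Br><Br>"

        ' Summary line: record range shown on this page.
        Startinfo = ((gopage - 1) * msg_per_page) + 1
        Endinfo = gopage * msg_per_page
        If Endinfo > totalrec Then Endinfo = totalrec
        Response.Write " 共" & totalrec & "条信息当前显示第" & Startinfo & "-" & Endinfo & "条每页" & msg_per_page & "条信息共" & n & "页"
    End If
End Function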
'分页2
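Function listPages2(LinkFile)
    ' Writes a pager to the response: a block of up to ten page links, links
    ' to the previous/next block, a jump-to-page drop-down and a summary line.
    '
    ' LinkFile : raw (not HTML-encoded) URL of the list page. "page=N" is
    '            appended with "&" when a "?" is found within the first
    '            Len(current script URL) + 1 characters, otherwise with "?".
    ' Reads rs, currentpage, n, msg_per_page and totalrec from outside the
    ' function; nothing is written when rs is empty. No return value.
    '
    ' Changes from the listed version:
    '   - LinkFile was written into href/value attributes unencoded and
    '     unquoted; it is now passed through Server.HTMLEncode and placed in
    '     double-quoted attributes;
    '   - the duplicated branches are merged; the labels that differed
    '     between them are kept in variables;
    '   - tag and attribute names that had run together in the listing are
    '     separated again.
    ' NOTE(review): in the original the "&" branch draws plain labels and the
    ' "?" branch draws bracketed ones. That difference is preserved here, but
    ' it looks like an edit applied to one branch only - confirm.
    ' The working variables of the original are still not declared here, so
    ' whatever scope they had on the calling page is unchanged.
    Dim lp_sep, lp_href, lp_open, lp_close, lp_prev, lp_next, lp_lb, lp_rb

    If Not (rs.EOF And rs.BOF) Then
        gopage = currentpage
        totalpage = n
        blockPage = Int((gopage - 1) / 10) * 10 + 1     ' first page of the current block of ten

        ' Length of the current script's absolute URL, used to decide whether
        ' LinkFile already carries a query string.
        If LCase(Request.ServerVariables("HTTPS")) = "off" Then
            strTemp = "http://"
        Else
            strTemp = "https://"
        End If
        strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
        If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & CheckStr(Request.ServerVariables("SERVER_PORT"))
        strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
        lenstrTemp = Len(strTemp) + 1

        If InStr(Left(LinkFile, lenstrTemp), "?") > 0 Then
            lp_sep = "&"
            lp_open = ""
            lp_close = ""
            lp_prev = "前10页"
            lp_next = "后10页"
            lp_lb = ""
            lp_rb = ""
        Else
            lp_sep = "?"
            lp_open = "【"
            lp_close = "】"
            lp_prev = "←前10页"
            lp_next = "后10页→"
            lp_lb = "["
            lp_rb = "]"
        End If
        ' Encoded once; every link below is this prefix plus a page number.
        lp_href = Server.HTMLEncode(LinkFile & lp_sep & "page=")

        ' Previous block.
        If blockPage = 1 Then
            Response.Write "<span disabled>" & lp_open & lp_prev & "</span> "
        Else
            If lp_open <> "" Then Response.Write "<span disabled>" & lp_open & "</span>"
            Response.Write "<a href=""" & lp_href & (blockPage - 10) & """>" & lp_prev & "</a> "
        End If

        ' Up to ten page links; the current page is shown highlighted, not linked.
        i = 1
        Do Until i > 10 Or blockPage > n
            If blockPage = Int(gopage) Then
                Response.Write "<font color=#FF0000>" & lp_lb & "<b>" & blockPage & "</b>" & lp_rb & "</font>"
            Else
                Response.Write "<a href=""" & lp_href & blockPage & """>" & lp_lb & blockPage & lp_rb & "</a>"
            End If
            blockPage = blockPage + 1
            i = i + 1
        Loop

        ' Next block.
        If blockPage > totalpage Then
            Response.Write " <span disabled>" & lp_next & lp_close
        Else
            Response.Write " <a href=""" & lp_href & blockPage & """>" & lp_next & "</a><span disabled>" & lp_close
        End If

        ' Jump-to-page drop-down.
        Response.Write "直接到第"
        Response.Write "<select onchange=""if(this.options[this.selectedIndex].value!=''){location=this.options[this.selectedIndex].value;}"">"
        For i = 1 To totalpage
            Response.Write "<option value=""" & lp_href & i & """"
            If i = gopage Then Response.Write " selected"
            Response.Write ">" & i & "</option>"
        Next
        Response.Write "</select>"
        Response.Write "页<Br><Br>"

        ' Summary line: record range shown on this page.
        Startinfo = ((gopage - 1) * msg_per_page) + 1
        Endinfo = gopage * msg_per_page
        If Endinfo > totalrec Then Endinfo = totalrec
        Response.Write " 共" & totalrec & "条信息当前显示第" & Startinfo & "-" & Endinfo & "条每页" & msg_per_page & "条信息共" & n & "页"
    End If
End Function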
'判断文件类型是否合格
Function CheckFileExt(FileExt)
    ' Reports whether an extension is on the upload allow-list
    ' (gif, jpg, bmp, jpeg, png), compared case-insensitively.
    '
    ' FileExt : extension without the leading dot.
    ' Returns : True only on an exact match with an allowed entry.
    '
    ' NOTE(review): an extension says nothing about file content; keep uploads
    ' in a directory where script execution is disabled.
    Dim sAllowed

    CheckFileExt = False
    For Each sAllowed In Split("gif,jpg,bmp,jpeg,png", ",")
        If LCase(FileExt) = LCase(Trim(sAllowed)) Then
            CheckFileExt = True
            Exit For
        End If
    Next
End Function
'格式后缀
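Function FixName(UpFileExt)
    ' Normalises an upload extension: lower-cases it, removes NUL characters
    ' and dots, then removes the script extensions asp, asa, aspx, cer, cdx
    ' and htr.
    '
    ' UpFileExt : extension as received; Empty returns Empty (nothing assigned).
    ' Returns   : the cleaned extension, possibly "".
    '
    ' Change from the listed version: each token was removed in a single pass,
    ' so deleting one token could join the characters around it into another
    ' blocked token that then stayed in the result. The removal now repeats
    ' until the value stops changing.
    '
    ' NOTE(review): this remains a blacklist. Accept the result only after it
    ' also passes an allow-list such as CheckFileExt.
    Dim sExt, sPrev, vToken

    If IsEmpty(UpFileExt) Then Exit Function

    sExt = LCase(UpFileExt)
    sExt = Replace(sExt, Chr(0), "")
    sExt = Replace(sExt, ".", "")

    Do
        sPrev = sExt
        ' Original order kept ("asp" before "aspx"), so "aspx" still reduces to "x".
        For Each vToken In Array("asp", "asa", "aspx", "cer", "cdx", "htr")
            sExt = Replace(sExt, vToken, "")
        Next
    Loop Until sExt = sPrev

    FixName = sExt
End Function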
'文件Content-Type判断
Function CheckFileType(FileType)
    ' Reports whether a Content-Type value starts with "image/" after
    ' trimming and lower-casing.
    '
    ' FileType : Content-Type string to test.
    ' Returns  : True for an "image/" prefix, otherwise False.
    '
    ' NOTE(review): for an upload this value is presumably the type declared
    ' by the client - confirm. The prefix test accepts every image subtype,
    ' SVG included. Use it together with the extension allow-list and a
    ' server-side check of the file content, never on its own.
    Dim sType

    CheckFileType = False
    sType = CStr(LCase(Trim(FileType)))
    If Left(sType, 6) = "image/" Then
        CheckFileType = True
    End If
End Function
%>