
checkStr与uncheckStr(过滤特殊字符与恢复特殊字符)

作者:佚名    文章来源:网络    更新时间:2008-10-29 16:51:07
'----------------------------------------------------------------'
' checkStr
' 过滤特殊字符,主要是去掉 SQL 关键词
' 参数:
' str 需要被过滤的字符串
' 返回值:字符串 (经过过滤后的字符串)
'----------------------------------------------------------------'
 程序代码

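' checkStr -- entity-encodes HTML-significant characters and rewrites a fixed
' list of SQL keywords in a string before it is stored.
'
' Parameters:
'   str  value to filter (ByVal, so the caller's variable is not modified)
' Returns:
'   the filtered string, or "" when str is Null
'
' NOTE(review): the listing as published had been HTML-decoded by the site, so
' the entity literals ("&#39;", "&#34;" and the encoded letter inside each
' keyword) appeared as plain characters. That turned every replacement into a
' no-op and left an unterminated string literal. The entities are reconstructed
' here; which letter of each keyword the author encoded cannot be recovered from
' the page, so one letter per keyword is encoded.
'
' NOTE(review): keyword rewriting is not a dependable SQL injection control --
' the list is fixed and the match is purely textual. Pass values to the database
' through ADODB.Command parameters and treat this function as an extra layer.
Function checkStr(ByVal str)
    Dim re, rules, i

    ' Guard on the real argument. The published code tested an undeclared
    ' variable "s", so a Null argument reached Replace() and raised an error.
    If IsNull(str) Then
        checkStr = ""
        Exit Function
    End If

    ' The published code called Trim on "s" as well; applied to str as intended.
    str = Trim(str)

    ' "&" goes first so the entities produced below are not encoded twice.
    str = Replace(str, "&", "&amp;")
    str = Replace(str, "'", "&#39;")
    str = Replace(str, """", "&#34;")

    ' Pattern / replacement pairs. Matching is case-insensitive and the
    ' replacement text is lower case, so letters after the first lose their
    ' case (for example "WHERE" is stored as "Wh&#101;re").
    rules = Array( _
        "(w)(here)", "$1h&#101;re", _
        "(s)(elect)", "$1el&#101;ct", _
        "(i)(nsert)", "$1ns&#101;rt", _
        "(c)(reate)", "$1r&#101;ate", _
        "(d)(rop)", "$1ro&#112;", _
        "(a)(lter)", "$1lt&#101;r", _
        "(d)(elete)", "$1el&#101;te", _
        "(u)(pdate)", "$1p&#100;ate", _
        "(\s)(or)", "$1o&#114;")

    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    For i = 0 To UBound(rules) Step 2
        re.Pattern = rules(i)
        str = re.Replace(str, rules(i + 1))
    Next
    Set re = Nothing

    checkStr = str
End Function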


注意:替换 & 时的目标字符串应为 &amp;(& 与 amp; 之间不能有空格);如果代码里显示有空格,那只是为了避免网页把它转义,使用时要删掉。

'----------------------------------------------------------------'
' uncheckStr
' 恢复特殊字符,checkStr 函数的逆操作
' 参数:
' str 需要被恢复的字符串
' 返回值:字符串 (恢复原来的字符串)
' 这个一般用在编辑的时候,显示用户输入的原始内容
'----------------------------------------------------------------'
 程序代码
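' uncheckStr -- reverses the entity encoding and keyword rewriting applied when
' the text was stored, giving back the text the user typed.
'
' Parameters:
'   str  stored value to restore (ByVal; Null is accepted)
' Returns:
'   the restored string, or "" when str is Null
'
' NOTE(review): the listing as published had been HTML-decoded by the site, so
' the entity literals appeared as plain characters. Every replacement was a
' no-op and one line held an unterminated string literal. The entities are
' reconstructed here (one encoded letter per keyword); they must match whatever
' the storing side actually writes -- confirm against it.
'
' NOTE(review): the result is raw user input again. When it is written into a
' page (for example into an edit form), encode it for that context with
' Server.HTMLEncode rather than emitting it as is.
Function uncheckStr(ByVal str)
    Dim re, rules, i

    If IsNull(str) Then
        uncheckStr = ""
        Exit Function
    End If

    str = Replace(str, "&#39;", "'")
    str = Replace(str, "&#34;", """")

    ' Encoded keyword -> plain keyword. Matching is case-insensitive and the
    ' replacement text is lower case.
    rules = Array( _
        "(w)(h&#101;re)", "$1here", _
        "(s)(el&#101;ct)", "$1elect", _
        "(i)(ns&#101;rt)", "$1nsert", _
        "(c)(r&#101;ate)", "$1reate", _
        "(d)(ro&#112;)", "$1rop", _
        "(a)(lt&#101;r)", "$1lter", _
        "(d)(el&#101;te)", "$1elete", _
        "(u)(p&#100;ate)", "$1pdate", _
        "(\s)(o&#114;)", "$1or")

    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    For i = 0 To UBound(rules) Step 2
        re.Pattern = rules(i)
        str = re.Replace(str, rules(i + 1))
    Next
    Set re = Nothing

    ' "&amp;" is decoded last: an entity the user typed literally was stored as
    ' "&amp;#39;" and must come back as "&#39;", not as a quote character.
    str = Replace(str, "&amp;", "&")

    uncheckStr = str
End Function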


这一对函数正好是相反的两个操作。checkStr 将我们提交的数据进行过滤,替换掉可能导致 SQL 注入的关键词;uncheckStr 将数据取出后反向过滤,恢复为用户提交的原始状态,一般在编辑的时候需要用到。需要注意,这种关键词替换只能作为辅助手段,拼接 SQL 的地方仍应使用参数化查询。
