asp全功能安全过滤函数的代码

来源:互联网 时间:1970-01-01

asp全功能安全过滤函数

Function IIF(Expression,ReturnTrue,ReturnFalse)
If Expression Then
IIF = ReturnTrue
Else
IIF = ReturnFalse
End If
End Function
'函数:全功能安全过滤函数
'参数:请求方式,过滤类型,请求名,值类型,默认值
Function SafeRequest(Requester,FilterType,RequestName,RequestType,DefaultValue)
Dim tmpValue
Select Case Requester
Case 0 : tmpValue = RequestName
Case 1 : tmpValue = Request(RequestName)
Case 2 : tmpValue = Request.Form(RequestName)
Case 3 : tmpValue = Request.QueryString(RequestName)
Case 4 : tmpValue = Request.Cookies(RequestName)
End Select

Select Case RequestType
Case 0
If Not IsNumeric(tmpValue) Or Len(tmpValue)<=0 Then
tmpValue = CLng(DefaultValue)
Else
tmpValue = CLng(tmpValue)
End If
Case 1
If tmpValue="" Or IsNull(tmpValue) Then tmpValue=DefaultValue
Select Case FilterType
Case 0 : tmpValue = tmpValue
Case 1 : tmpValue = SafeSql(tmpValue)
Case 2 : tmpValue = FilterHtml(tmpValue)
End Select
Case 2
If Not IsDate(tmpValue) Or Len(tmpValue) <=0 Then
tmpValue = CDate(DefaultValue)
Else
tmpValue = CDate(tmpValue)
End If
End Select

SafeRequest = tmpValue
End Function

'函数:危险Sql过滤
'参数:Sql
'返回:过滤结果
Function SafeSql(str)
SafeSql = Replace(str, "'", "&#39;")
End Function
'函数:过滤Html标签
'参数:字符串
'返回:过滤后的字符串
Function FilterHtml(str)
If IsNull(str) Or str="" Then FilterHtml="" : Exit Function
Dim r
Set r = New RegExp
r.IgnoreCase = True
r.Global = True
r.MultiLine = True

r.Pattern = "<.+?>"
FilterHtml = r.Replace(str,"")
Set r = Nothing
End Function

相关阅读:
Top