[原创]ASP安全检测与过滤函数SafeCheck

王朝asp·作者佚名  2006-01-09
窄屏简体版  字體: |||超大  

'--------------------------------------------------------------------------

'作用:安全字符串检测函数

'名字:SafeCheck

'参数:CheckString,CheckType,CheckLength

'说明:

'Checkstring待检测字符串:任意字符.

'CheckType检测类型0正常短字符1数字2日期3金钱4编码HTML5解码HTML6登录字符串7防攻击检测

'CheckLength检测类型长度:类型为int,当为金钱时为小数点的位置

'返回值:如果通过检测,返回正确字符串,

'如果未通过则返回错误代码SYSTEM_ERROR|ERROR_CODE

'Script Writen by :SnowDu(杜雪.NET)

'Web:http://www.snsites.com/

'--------------------------------------------------------------------------

function SafeCheck(CheckString,CheckType,CheckLength)

On Error Resume Next

ErrorRoot="SYSTEM_ERROR|"

if checkString="" then

SafeCheck=ErrorRoot&"00001"

exit function

end if

CheckString=Replace(CheckString,"'","&#39")

select case CheckType

case 0

CheckString=trim(CheckString)

SafeCheck=Left(CheckString,CheckLength)

case 1

if not isnumberic(CheckString) then

SafeCheck=ErrorRoot&"00002"

exit function

else

SafeCheck=Left(CheckString,CheckLength)

end if

case 2

tempVar=IsDate(CheckString)

if Not TempVar then

SafeCheck=ErrorRoot&"00003"

exit function

else

select case CheckLength

case 0

SafeCheck=FormatDateTime(CheckString,vbShortDate)

case 1

SafeCheck=FormatDateTime(CheckString,vbLongDate)

case 2

SafeCheck=CheckString

end select

end if

case 3

tempVar=FormatCurrency(CheckString,0)

if Err then

SafeCheck=ErrorRoot&"00004"

exit function

else

SafeCheck=FormatCurrency(CheckString,CheckLength)

end if

case 4

sTemp = CheckString

If IsNull(sTemp) = True Then

SafeCheck=ErrorRoot&"00005"

Exit Function

End If

sTemp = Replace(sTemp, "&", "&")

sTemp = Replace(sTemp, "<", "&lt;")

sTemp = Replace(sTemp, ">", "&gt;")

sTemp = Replace(sTemp, Chr(34), "&quot;")

sTemp = Replace(sTemp, Chr(10), "<br>")

SafeCheck = Left(sTemp,CheckLength)

case 5

sTemp = CheckString

If IsNull(sTemp) = True Then

SafeCheck=ErrorRoot&"00006"

Exit Function

End If

sTemp = Replace(sTemp, "&amp;", "&")

sTemp = Replace(sTemp, "&lt;", "<")

sTemp = Replace(sTemp, "&gt;", ">")

sTemp = Replace(sTemp, "&quot;", Chr(34))

sTemp = Replace(sTemp, "<br>",Chr(10))

SafeCheck = Left(sTemp,CheckLength)

case 6

s_BadStr = "' &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)

n = Len(s_BadStr)

IsSafeStr = True

For i = 1 To n

If Instr(CheckString, Mid(s_BadStr, i, 1)) > 0 Then

IsSafeStr = False

End If

Next

if IsSafeStr then

SafeCheck=left(CheckString,CheckLength)

else

SafeCheck=ErrorRoot&"00007"

Exit Function

end if

case 7

s_Filter="net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"

S_Filter=S_Filter&"insert|delete|drop|truncate|from|%|declare|-"

S_Filters=split(S_Filter,"|")

isFound=false

for i=0 to ubound(S_Filters)-1

if Instr(lcase(CheckString),lcase(S_Filters(i)))<>0 then

isFound=true

exit for

end if

next

if isFound then

SafeCheck=ErrorRoot&"00008"

Exit Function

else

SafeCheck=left(CheckString,CheckLength)

end if

end select

end function

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有  導航