asp对于sql注入和xss的过滤函数
[ 2011-01-27 13:43:26 | 作者: admin ]
'*********************************************
'检查SQL字符串,并进行过滤
'*********************************************
function ChkSql(mysql)
if isnull(mysql) or isempty(mysql) or mysql="" then
mysql = ""
elseif IsNumeric(mysql) then
mysql = mysql
else
mysql = trim(mysql)
mysql = replace(mysql,"'","‘",1,-1,1)'不区分大小写
mysql = replace(mysql,"exec","e xec",1,-1,1)
...'检查SQL字符串,并进行过滤
'*********************************************
function ChkSql(mysql)
if isnull(mysql) or isempty(mysql) or mysql="" then
mysql = ""
elseif IsNumeric(mysql) then
mysql = mysql
else
mysql = trim(mysql)
mysql = replace(mysql,"'","‘",1,-1,1)'不区分大小写
mysql = replace(mysql,"exec","e xec",1,-1,1)
阅读全文…
1