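'-------------------------------------------
' Purpose : check / normalise a user-supplied string
' Name    : SafeCheck
' Params  : CheckString, CheckType, CheckLength
'   CheckString  string to check (any characters). It is passed ByRef
'                (the VBScript default) and is modified in place by the
'                apostrophe replacement and by the Trim in type 0.
'   CheckType    0 plain short string   1 number        2 date
'                3 money                4 HTML-encode   5 HTML-decode
'                6 login string         7 attack-keyword check
'   CheckLength  Integer. Maximum length of the returned string; for type 2
'                it selects the date format (0 short, 1 long, 2 unchanged);
'                for type 3 it is the number of digits after the decimal point.
' Returns : the checked string on success, otherwise an error code of the
'           form SYSTEM_ERROR|ERROR_CODE:
'             00001 empty input          00002 not numeric
'             00003 not a date           00004 not a currency value
'             00005 / 00006 Null input   00007 forbidden character (type 6)
'             00008 filtered keyword (type 7)
' Security note: types 6 and 7 are deny-lists. They reduce noise but are not
' a substitute for parameterised queries (ADODB.Command parameters) and
' context-aware output encoding; treat them as defence in depth only.
' Script written by : SnowDu (杜雪.NET)
' Web: http://www.snsites.com/
' Web: http://www.knowsky.com/
'-------------------------------------------
Function SafeCheck(CheckString, CheckType, CheckLength)
    ' Locals are declared so the function does not write to same-named
    ' script-level variables (for example a caller's loop counter i).
    Dim ErrorRoot, sTemp, s_BadStr, s_Filter, s_Filters
    Dim IsSafeStr, isFound, probe, i

    ' Kept from the original: type 3 relies on Err to detect bad input.
    On Error Resume Next

    ErrorRoot = "SYSTEM_ERROR|"

    If CheckString = "" Then
        SafeCheck = ErrorRoot & "00001"
        Exit Function
    End If

    ' NOTE(review): as published, this call replaces an apostrophe with an
    ' apostrophe, i.e. it does nothing. The replacement text was probably lost
    ' when the page was rendered; confirm against the original script before
    ' relying on any quote handling here.
    CheckString = Replace(CheckString, "'", "'")

    Select Case CheckType
        Case 0
            ' Plain short string: trim and cap the length.
            CheckString = Trim(CheckString)
            SafeCheck = Left(CheckString, CheckLength)

        Case 1
            ' Number. The original called "isnumberic", which is not a VBScript
            ' function; under On Error Resume Next that made every input,
            ' numeric or not, return 00002.
            If Not IsNumeric(CheckString) Then
                SafeCheck = ErrorRoot & "00002"
                Exit Function
            End If
            SafeCheck = Left(CheckString, CheckLength)

        Case 2
            ' Date. CheckLength picks the output format; any value other than
            ' 0, 1 or 2 leaves the return value Empty, as in the original.
            If Not IsDate(CheckString) Then
                SafeCheck = ErrorRoot & "00003"
                Exit Function
            End If
            Select Case CheckLength
                Case 0
                    SafeCheck = FormatDateTime(CheckString, vbShortDate)
                Case 1
                    SafeCheck = FormatDateTime(CheckString, vbLongDate)
                Case 2
                    SafeCheck = CheckString
            End Select

        Case 3
            ' Money. Clear Err first so that only a failure of the probe
            ' conversion below is reported as 00004.
            Err.Clear
            probe = FormatCurrency(CheckString, 0)
            If Err.Number <> 0 Then
                SafeCheck = ErrorRoot & "00004"
                Exit Function
            End If
            SafeCheck = FormatCurrency(CheckString, CheckLength)

        Case 4
            ' HTML-encode. The entity names were shown already decoded on the
            ' page ("&" -> "&", and an unterminated string literal for the
            ' double quote); they are restored here. "&" must be encoded first.
            ' Caveats: the apostrophe is not encoded, so the result is not safe
            ' inside a single-quoted attribute, and Left() can cut an entity
            ' in half when CheckLength is shorter than the encoded text.
            sTemp = CheckString
            If IsNull(sTemp) Then
                SafeCheck = ErrorRoot & "00005"
                Exit Function
            End If
            sTemp = Replace(sTemp, "&", "&amp;")
            sTemp = Replace(sTemp, "<", "&lt;")
            sTemp = Replace(sTemp, ">", "&gt;")
            sTemp = Replace(sTemp, Chr(34), "&quot;")
            sTemp = Replace(sTemp, Chr(10), "<br>")
            SafeCheck = Left(sTemp, CheckLength)

        Case 5
            ' HTML-decode (inverse of type 4). "&amp;" is decoded last so that
            ' text such as "&amp;lt;" becomes "&lt;" and is not decoded twice.
            ' The result is raw markup: encode it again before writing it into
            ' a page.
            sTemp = CheckString
            If IsNull(sTemp) Then
                SafeCheck = ErrorRoot & "00006"
                Exit Function
            End If
            sTemp = Replace(sTemp, "&lt;", "<")
            sTemp = Replace(sTemp, "&gt;", ">")
            sTemp = Replace(sTemp, "&quot;", Chr(34))
            sTemp = Replace(sTemp, "<br>", Chr(10))
            sTemp = Replace(sTemp, "&amp;", "&")
            SafeCheck = Left(sTemp, CheckLength)

        Case 6
            ' Login string: reject if any forbidden character is present.
            s_BadStr = "' &<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
            IsSafeStr = True
            For i = 1 To Len(s_BadStr)
                If InStr(CheckString, Mid(s_BadStr, i, 1)) > 0 Then
                    IsSafeStr = False
                    Exit For
                End If
            Next
            If Not IsSafeStr Then
                SafeCheck = ErrorRoot & "00007"
                Exit Function
            End If
            SafeCheck = Left(CheckString, CheckLength)

        Case 7
            ' Keyword deny-list, matched case-insensitively as substrings.
            ' This rejects harmless text too (e.g. "mid" inside "midnight",
            ' any hyphen) and must not be the only protection for SQL built
            ' from this value.
            s_Filter = "net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
            s_Filter = s_Filter & "insert|delete|drop|truncate|from|%|declare|-"
            s_Filters = Split(s_Filter, "|")
            isFound = False
            ' The original loop stopped at UBound - 1 and so never tested the
            ' last entry ("-").
            For i = 0 To UBound(s_Filters)
                If InStr(LCase(CheckString), LCase(s_Filters(i))) <> 0 Then
                    isFound = True
                    Exit For
                End If
            Next
            If isFound Then
                SafeCheck = ErrorRoot & "00008"
                Exit Function
            End If
            SafeCheck = Left(CheckString, CheckLength)
    End Select
End Function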