<%
'******************************
'函數:CheckStr(byVal ChkStr)
'參數:ChkStr,待驗證的字符
'作者:阿里西西
'日期:2007/7/15
'描述:對SQL注入危險字符進行重編碼處理
'示例:CheckStr("and 1=1 or select * from")
'******************************
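Function CheckStr(byVal ChkStr)
    ' Purpose: clean up a string before it is placed inside a single-quoted
    '          SQL string literal.
    ' Param:   ChkStr - the value to process (passed by value, so the caller's
    '          variable is never modified).
    ' Returns: "" when ChkStr is Null; otherwise the trimmed string with runs
    '          of three or more CRLF pairs collapsed to three and every single
    '          quote doubled.
    '
    ' NOTE(review): quote doubling only helps when the result ends up between
    ' single quotes in the SQL text. It does nothing for values concatenated
    ' into numeric or identifier positions. The dependable fix is to stop
    ' building SQL by concatenation and bind values through ADODB.Command
    ' parameters; treat this function as legacy defence-in-depth at most.
    Dim Str: Str = ChkStr

    ' Handle Null first so the empty-string result is explicit and nothing
    ' below ever sees a Null.
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Str = Trim(Str)

    ' Collapse excessive blank lines. The pattern used to be "(/r/n){3,}",
    ' which matches only the literal text "/r/n" and therefore never matched a
    ' real line break; "\r\n" is the CRLF escape the $1$1$1 replacement expects.
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True
    re.Pattern = "(\r\n){3,}"
    Str = re.Replace(Str, "$1$1$1")
    Set re = Nothing

    ' Double single quotes so the value cannot close a '...' SQL literal.
    Str = Replace(Str, "'", "''")

    ' NOTE(review): every Replace below has identical search and replacement
    ' text, so as written these statements change nothing. The replacement
    ' strings were possibly HTML-entity encodings that got decoded when this
    ' listing was published - confirm against the original file, and keep
    ' UnCheckStr in step with whatever is restored. Replace() is also
    ' case-sensitive by default, so only all-lower-case keywords would ever be
    ' matched. Keyword rewriting is not a reliable SQL injection control.
    Str = Replace(Str, "select", "select")
    Str = Replace(Str, "join", "join")
    Str = Replace(Str, "union", "union")
    Str = Replace(Str, "where", "where")
    Str = Replace(Str, "insert", "insert")
    Str = Replace(Str, "delete", "delete")
    Str = Replace(Str, "update", "update")
    Str = Replace(Str, "like", "like")
    Str = Replace(Str, "drop", "drop")
    Str = Replace(Str, "create", "create")
    Str = Replace(Str, "modify", "modify")
    Str = Replace(Str, "rename", "rename")
    Str = Replace(Str, "alter", "alter")
    Str = Replace(Str, "cast", "cast")

    CheckStr = Str
End Function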
'反編上面函數處理過的字符串
FunctionUnCheckStr(Str)
Str=Replace(Str,"select","select")
Str=Replace(Str,"join","join")
Str=Replace(Str,"union","union")
Str=Replace(Str,"where","where")
Str=Replace(Str,"insert","insert")
Str=Replace(Str,"delete","delete")
Str=Replace(Str,"update","update")
Str=Replace(Str,"like","like")
Str=Replace(Str,"drop","drop")
Str=Replace(Str,"create","create")
Str=Replace(Str,"modify","modify")
Str=Replace(Str,"rename","rename")
Str=Replace(Str,"alter","alter")
Str=Replace(Str,"cast","cast")