asp中常用的字符串安全处理函数集合(过滤特殊字符等)_应用技巧


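'=====================================
' Content_Encode: escape angle brackets so that stored text is rendered
' as text instead of being parsed as markup.
'   t0      - value to encode (Null and "" both yield "").
'   returns - t0 with "<" replaced by "&lt;" and ">" by "&gt;".
' Only "<" and ">" are escaped; "&" and quote characters pass through
' unchanged, so the result is suitable for element content only and
' must not be placed inside an HTML attribute value.
'=====================================
Function Content_Encode(ByVal t0)
    If IsNull(t0) Or Len(t0)=0 Then
        Content_Encode=""
    Else
        ' The replacement must be the entity, not the raw character:
        ' replacing "<" with "<" would leave the input untouched.
        Content_Encode=Replace(t0,"<","&lt;")
        Content_Encode=Replace(Content_Encode,">","&gt;")
    End If
End Function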

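'=====================================
' Content_Decode: reverse of Content_Encode.
'   t0      - value to decode (Null and "" both yield "").
'   returns - t0 with "&lt;" replaced by "<" and "&gt;" by ">".
' The result contains live angle brackets again. Use it for editing or
' storage; encode it again before writing it into a page.
' Any "&lt;" / "&gt;" that was literally present in the original text
' is converted as well, so an encode/decode round trip is not exact
' for such input.
'=====================================
Function Content_Decode(ByVal t0)
    If IsNull(t0) Or Len(t0)=0 Then
        Content_Decode=""
    Else
        Content_Decode=Replace(t0,"&lt;","<")
        Content_Decode=Replace(Content_Decode,"&gt;",">")
    End If
End Function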

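'=====================================
' FilterText: clean a string according to the mode given in t1.
'   t0 - value to filter; Null, "" and arrays yield "".
'   t1 - mode:
'        "1"   plain text to display form: spaces become &nbsp;, CR is
'              dropped, LF (single or doubled) becomes <br>.
'              This mode does NOT escape < > & or quotes, so it must
'              only be applied to text that is already HTML-encoded.
'        "2"   strip the listed control characters, the space and all
'              ASCII punctuation.
'        other HTML-escape & ' " < >.
' In every mode the word "expression" is split with a soft-hyphen
' entity afterwards. This is a blocklist measure and should not be the
' only protection applied to style content.
'=====================================
Function FilterText(ByVal t0,ByVal t1)
    Dim ranges, r, code
    FilterText=""
    ' VBScript evaluates every operand of Or, so Len() on an array
    ' raises a type mismatch before IsArray() is consulted. Test each
    ' condition on its own line instead.
    If IsArray(t0) Then Exit Function
    If IsNull(t0) Then Exit Function
    If Len(t0)=0 Then Exit Function
    t0=Trim(t0)
    Select Case t1
    Case "1"
        t0=Replace(t0,Chr(32),"&nbsp;")
        t0=Replace(t0,Chr(13),"")
        t0=Replace(t0,Chr(10)&Chr(10),"<br>")
        t0=Replace(t0,Chr(10),"<br>")
    Case "2"
        ' Inclusive code ranges to delete, as (first,last) pairs:
        '   8-13    backspace, tab, LF, vertical tab, form feed, CR
        '   22      control character (SYN)
        '   32-47   space ! " # $ % & ' ( ) * + , - . /
        '   58-64   : ; < = > ? @
        '   91-96   [ \ ] ^ _ `
        '   123-126 { | } ~
        ranges=Array(8,13, 22,22, 32,47, 58,64, 91,96, 123,126)
        For r=0 To UBound(ranges) Step 2
            For code=ranges(r) To ranges(r+1)
                t0=Replace(t0,Chr(code),"")
            Next
        Next
    Case Else
        ' "&" is escaped first so the entities produced by the
        ' following lines are not escaped a second time.
        t0=Replace(t0, "&", "&amp;")
        t0=Replace(t0, "'", "&#39;")
        t0=Replace(t0, """", "&quot;")
        t0=Replace(t0, "<", "&lt;")
        t0=Replace(t0, ">", "&gt;")
    End Select
    ' Detection and replacement both use text comparison (1), so every
    ' spelling that is detected is also rewritten. Matched text is
    ' replaced by the lowercase form.
    If InStr(1,t0,"expression",1)>0 Then
        t0=Replace(t0,"expression","e&shy;xpression", 1, -1, 1)
    End If
    FilterText=t0
End Function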

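'=====================================
' FilterHtml: neutralise configured tags and event attributes, then
' pass the result through FilterText in its default mode.
'   t0      - value to filter; Null, "" and arrays yield "".
'   returns - the filtered string.
' Sdcms_Badhtml and Sdcms_BadEvent are read from outside this function;
' they are spliced into a regular expression, so they are presumably
' "|"-separated name lists (confirm against the configuration).
' ReplaceText is defined elsewhere; it is presumably a regex replace
' helper taking (text, pattern, replacement) (confirm).
' NOTE(review): FilterText(t0,0) falls into its default branch, which
' escapes & < > and quotes in the whole string. The "&lt;" inserted by
' the two steps below is therefore escaped again, and all remaining
' markup is escaped as well. Confirm that this is the intended result.
'=====================================
Function FilterHtml(ByVal t0)
    FilterHtml=""
    ' VBScript evaluates every operand of Or, so Len() on an array
    ' raises before IsArray() is consulted. Test each condition alone.
    If IsArray(t0) Then Exit Function
    If IsNull(t0) Then Exit Function
    If Len(t0)=0 Then Exit Function
    ' Turn the "<" of a listed opening or closing tag into an entity.
    If Len(Sdcms_Badhtml)>0 Then t0=ReplaceText(t0,"<(\/|)("&Sdcms_Badhtml&")", "&lt;$1$2")
    ' Do the same for any tag that carries a listed event attribute.
    If Len(Sdcms_BadEvent)>0 Then t0=ReplaceText(t0,"<(.[^>]*)("&Sdcms_BadEvent&")", "&lt;$1$2")
    t0=FilterText(t0,0)
    FilterHtml=t0
End Function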

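' GotTopic: shorten an HTML-encoded title to a display width.
'   t0      - encoded text; Null and "" yield "".
'   t1      - width limit; a character whose Asc() magnitude exceeds
'             255 counts as 2, any other character as 1.
'   returns - the text cut at the first character where the running
'             width reaches t1, followed by an ellipsis, or the whole
'             text when the limit is never reached. The result is
'             encoded again.
' The text is decoded before it is measured so that an entity is never
' cut in half, and the four characters are encoded again on the way
' out. "&" itself is not encoded by this function.
Function GotTopic(ByVal t0,ByVal t1)
    If Len(t0)=0 Or IsNull(t0) Then
        GotTopic=""
        Exit Function
    End If
    Dim l,t,c,i
    ' Decode: entity on the left, raw character on the right.
    t0=Replace(Replace(Replace(Replace(t0,"&nbsp;"," "),"&quot;",Chr(34)),"&gt;",">"),"&lt;","<")
    l=Len(t0)
    t=0
    ' Default result when the limit is never reached.
    GotTopic=t0
    For i=1 To l
        c=Abs(Asc(Mid(t0,i,1)))
        If c>255 Then t=t+2 Else t=t+1
        If t>=t1 Then
            GotTopic=Left(t0,i)&"…"
            Exit For
        End If
    Next
    ' Encode: raw character on the left, entity on the right.
    GotTopic=Replace(Replace(Replace(Replace(GotTopic," ","&nbsp;"),Chr(34),"&quot;"),">","&gt;"),"<","&lt;")
End Function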

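' UrlDecode: decode a percent-encoded string.
'   t0      - encoded text.
'   returns - t0 with "+" turned into a space and each "%XX" escape
'             turned into a character.
' An escape whose value is above 127 is held back and combined with the
' next escape into one four-digit code passed to Chr(); the character
' produced depends on the active code page (not verified here for
' UTF-8 input).
' A "%" that is not followed by two hexadecimal digits is copied
' through unchanged instead of raising a conversion error.
' The decoded value can contain control characters and markup, so
' validation and output encoding must be applied to the DECODED value,
' never only to the encoded one.
Function UrlDecode(ByVal t0)
    Dim t1,t2,t3,i,t4,t5,t6,hexOk
    Const HEXDIGITS="0123456789ABCDEF"
    t1=""       ' decoded output
    t2=False    ' True while a high byte is waiting for its partner
    t3=""       ' hex digits of the waiting high byte
    For i=1 To Len(t0)
        t4=Mid(t0,i,1)
        If t4="+" Then
            t1=t1&" "
        ElseIf t4="%" Then
            t5=Mid(t0,i+1,2)
            ' Accept the escape only when both digits are hexadecimal;
            ' CInt("&H..") raises on anything else.
            hexOk=False
            If Len(t5)=2 Then
                hexOk=(InStr(1,HEXDIGITS,Left(t5,1),1)>0) And (InStr(1,HEXDIGITS,Right(t5,1),1)>0)
            End If
            If Not hexOk Then
                ' Malformed escape: keep the "%" and let the following
                ' characters be copied by the next iterations.
                t1=t1&"%"
            Else
                t6=CInt("&H"&t5)
                If t2 Then
                    t2=False
                    t1=t1&Chr(CInt("&H"&t3&t5))
                ElseIf Abs(t6)<=127 Then
                    t1=t1&Chr(t6)
                Else
                    t2=True
                    t3=t5
                End If
                ' Skip the two hex digits that were just consumed.
                i=i+2
            End If
        Else
            t1=t1&t4
        End If
    Next
    UrlDecode=t1
End Function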

' CutStr: shorten a string to a display width.
'   t0      - text to shorten; Null yields "".
'   t1      - width limit, converted with Int().
'   returns - the text cut at the first character where the running
'             width reaches t1, followed by "...", or the whole text
'             when the limit is never reached.
' A character whose Asc() value is negative or above 255 counts as 2,
' any other character as 1. No encoding is applied here.
Function CutStr(byVal t0,byVal t1)
    Dim total,width,code,pos
    If IsNull(t0) Then
        CutStr=""
        Exit Function
    End If
    total=Len(t0)
    t1=Int(t1)
    width=0
    pos=1
    Do While pos<=total
        code=Asc(Mid(t0,pos,1))
        If code>=0 And code<=255 Then
            width=width+1
        Else
            width=width+2
        End If
        If width>=t1 Then
            CutStr=Left(t0,pos)&"..."
            Exit Do
        End If
        ' Limit not reached yet: the whole text is the result so far.
        CutStr=t0
        pos=pos+1
    Loop
End Function

' CloseHtml: append closing tags for a fixed list of elements that are
' opened more often than they are closed.
'   t0      - HTML fragment.
'   returns - t0 followed by one "</tag>" per missing closing tag.
' Tags are processed in list order and the closing tags are added at
' the end of the string, so they are not placed in nesting order.
' Matching ignores case. This function only balances tag counts; it
' does not remove or escape any markup.
Function CloseHtml(ByVal t0)
    Dim tagNames,idx,openCount,closeCount,Regs,k
    Set Regs=New RegExp
    Regs.IgnoreCase=True
    Regs.Global=True
    tagNames=Array("p","div","span","table","ul","font","b","u","i","h1","h2","h3","h4","h5","h6")
    For idx=0 To UBound(tagNames)
        ' Opening tag, bare or with attributes after one space.
        Regs.Pattern="\<"&tagNames(idx)&"( [^\<\>]+|)\>"
        openCount=Regs.Execute(t0).Count
        Regs.Pattern="\</"&tagNames(idx)&"\>"
        closeCount=Regs.Execute(t0).Count
        ' The loop does not run when the difference is zero or negative.
        For k=1 To openCount-closeCount
            t0=t0+"</"&tagNames(idx)&">"
        Next
    Next
    CloseHtml=t0
End Function

时间: 2024-10-04 12:16:49
