————————————————————————–
作用:安全字符串检测函数
名字:safecheck
参数:checkstring,checktype,checklength
说明:
checkstring待检测字符串:任意字符.
checktype检测类型:0正常短字符,1数字,2日期,3金钱,4编码html,5解码html,6登录字符串,7防攻击检测
checklength检测类型长度:类型为int,当为金钱时为小数点的位置
返回值:如果通过检测,返回正确字符串,
如果未通过则返回错误代码system_error|error_code
script written by: snowdu(杜雪.net)
web:http://www.snsites.com/
————————————————————————–
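function safecheck(checkstring,checktype,checklength)
    ' Validate or transform checkstring according to checktype and return the
    ' result, or "system_error|<code>" when the check fails.
    '
    ' checkstring : value to check.
    ' checktype   : 0 short string (trimmed), 1 numeric, 2 date, 3 currency,
    '               4 HTML-encode, 5 HTML-decode, 6 login string,
    '               7 keyword deny-list.
    ' checklength : maximum length of the returned string; for type 2 it picks
    '               the date format (0 short, 1 long, 2 unchanged) and for
    '               type 3 it is the number of decimal places.
    ' Error codes : 00001 empty input, 00002 not numeric, 00003 not a date,
    '               00004 not a currency value, 00005 / 00006 null input for
    '               types 4 / 5, 00007 forbidden character in a login string,
    '               00008 deny-listed token found.
    '
    ' Security notes:
    ' - Errors are returned in-band, so callers must test the result for the
    '   "system_error|" prefix before using it.
    ' - Types 6 and 7 are deny-lists. They reduce noise but are not a
    '   replacement for parameterized queries or context-aware output encoding.
    dim errorroot, tempvar, stemp, s_badstr, n, issafestr, i
    dim s_filter, s_filters, isfound

    ' Runtime errors are suppressed for the whole function; case 3 relies on
    ' this to probe formatcurrency.
    on error resume next
    errorroot="system_error|"

    if checkstring="" then
        safecheck=errorroot&"00001"
        exit function
    end if

    ' NOTE(review): as shown on the page the search string is empty, so Replace
    ' returns the input unchanged. The original presumably doubled apostrophes
    ' and lost a character when the page was published - confirm against the
    ' original script before changing it, because that alters every returned
    ' value. If doubling is restored, the left() truncation below can split a
    ' doubled pair and leave a lone apostrophe at the end.
    checkstring=replace(checkstring,"","'")

    select case checktype
    case 0
        ' Short string: trim, then cut to checklength.
        checkstring=trim(checkstring)
        safecheck=left(checkstring,checklength)

    case 1
        ' Fix: the page calls "isnumberic", which is not a VBScript built-in;
        ' unless the project defines it elsewhere, the numeric check could
        ' never pass. IsNumeric accepts more than plain digits (signs,
        ' separators, exponents), so treat the result as text, not as an
        ' integer literal.
        if not isnumeric(checkstring) then
            safecheck=errorroot&"00002"
            exit function
        else
            ' Truncation silently changes the value of a number longer than
            ' checklength.
            safecheck=left(checkstring,checklength)
        end if

    case 2
        tempvar=isdate(checkstring)
        if not tempvar then
            safecheck=errorroot&"00003"
            exit function
        else
            ' Any checklength other than 0, 1 or 2 leaves the return value
            ' unset (Empty).
            select case checklength
            case 0
                safecheck=formatdatetime(checkstring,vbshortdate)
            case 1
                safecheck=formatdatetime(checkstring,vblongdate)
            case 2
                safecheck=checkstring
            end select
        end if

    case 3
        ' Clear any error left by an earlier statement so the probe below
        ' reports only formatcurrency's own failure.
        err.clear
        tempvar=formatcurrency(checkstring,0)
        if err.number<>0 then
            safecheck=errorroot&"00004"
            exit function
        else
            safecheck=formatcurrency(checkstring,checklength)
        end if

    case 4
        ' HTML-encode. Fix: the entity names were lost in the published copy
        ' (each replace mapped a character to itself and the quote line did
        ' not parse); they are restored here. "&" must be encoded first so the
        ' entities produced afterwards are not encoded again.
        stemp = checkstring
        if isnull(stemp) = true then
            safecheck=errorroot&"00005"
            exit function
        end if
        stemp = replace(stemp, "&", "&amp;")
        stemp = replace(stemp, "<", "&lt;")
        stemp = replace(stemp, ">", "&gt;")
        stemp = replace(stemp, chr(34), "&quot;")
        stemp = replace(stemp, chr(10), "<br>")
        ' The apostrophe is not encoded, so the result is suitable for element
        ' content and double-quoted attributes only. Truncating after encoding
        ' can cut an entity in half.
        safecheck = left(stemp,checklength)

    case 5
        ' HTML-decode: exact inverse of case 4, applied in reverse order.
        ' "&amp;" is decoded last so that an encoded literal such as
        ' "&amp;lt;" comes back as "&lt;" and not as "<".
        ' The result is raw markup; encode it again before writing it to a page.
        stemp = checkstring
        if isnull(stemp) = true then
            safecheck=errorroot&"00006"
            exit function
        end if
        stemp = replace(stemp, "<br>", chr(10))
        stemp = replace(stemp, "&quot;", chr(34))
        stemp = replace(stemp, "&gt;", ">")
        stemp = replace(stemp, "&lt;", "<")
        stemp = replace(stemp, "&amp;", "&")
        safecheck = left(stemp,checklength)

    case 6
        ' Login string: reject if any listed character occurs.
        ' NOTE(review): the apostrophe is not in this list as shown on the page.
        ' Confirm against the original; if login names are ever placed into
        ' string-built SQL, add chr(39) here and move the query to parameters.
        s_badstr = " &<>?%,;:()`~!@#$^*{}[]|+-=" & chr(34) & chr(9) & chr(32)
        n = len(s_badstr)
        issafestr = true
        for i = 1 to n
            if instr(checkstring, mid(s_badstr, i, 1)) > 0 then
                issafestr = false
                exit for
            end if
        next
        if issafestr then
            safecheck=left(checkstring,checklength)
        else
            safecheck=errorroot&"00007"
            exit function
        end if

    case 7
        ' Keyword deny-list, matched case-insensitively as substrings, so
        ' ordinary words that contain a token (and any hyphen) are rejected too.
        ' Fix 1: the page shows an empty entry between "mid" and the double
        ' quote; InStr reports a match for an empty search string, so every
        ' input was rejected. The apostrophe is the presumed original entry
        ' (TODO confirm); restoring it only makes the check stricter.
        ' Fix 2: the loop stopped one short of ubound and never tested the last
        ' entry ("-").
        s_filter="net user|xp_cmdshell|/add|select|count|asc|char|mid|'|""|"
        s_filter=s_filter&"insert|delete|drop|truncate|from|%|declare|-"
        s_filters=split(s_filter,"|")
        isfound=false
        for i=0 to ubound(s_filters)
            ' Skip empty entries so a stray "||" can never match everything.
            if len(s_filters(i))>0 then
                if instr(lcase(checkstring),lcase(s_filters(i)))<>0 then
                    isfound=true
                    exit for
                end if
            end if
        next
        if isfound then
            safecheck=errorroot&"00008"
            exit function
        else
            safecheck=left(checkstring,checklength)
        end if
    end select
end function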
