<%

'******************************

'函数：CheckStr(byValChkStr)

'参数：ChkStr,待验证的字符

'作者：阿里西西

'日期：2007/7/15

'描述：对SQL注入危险字符进行重编码处理

'示例：CheckStr("and1=1orselect*from")

'******************************

FunctionCheckStr(byValChkStr)

DimStr:Str=ChkStr

Str=Trim(Str)

IfIsNull(Str)Then

CheckStr=""

ExitFunction

EndIf

Dimre

Setre=newRegExp

re.IgnoreCase=True

re.Global=True

re.Pattern="(rn){3,}"

Str=re.Replace(Str,"$1$1$1")

Setre=Nothing

Str=Replace(Str,"'","''")

Str=Replace(Str,"select","sel")

Str=Replace(Str,"join","jo")

Str=Replace(Str,"union","un")

Str=Replace(Str,"where","wh")

Str=Replace(Str,"insert","ins")

Str=Replace(Str,"delete","del")

Str=Replace(Str,"update","up")

Str=Replace(Str,"like","lik")

Str=Replace(Str,"drop","dro")

Str=Replace(Str,"create","cr")

Str=Replace(Str,"modify","mod")

Str=Replace(Str,"rename","ren")

Str=Replace(Str,"alter","alt")

Str=Replace(Str,"cast","ca")

CheckStr=Str

EndFunction

'反编上面函数处理过的字符串

FunctionUnCheckStr(Str)

Str=Replace(Str,"sel"select")

Str=Replace(Str,"jo")

Str=Replace(Str,"un"union")

Str=Replace(Str,"wh"where")

Str=Replace(Str,"ins"insert")

Str=Replace(Str,"del"delete")

Str=Replace(Str,"up"update")

Str=Replace(Str,"lik")

Str=Replace(Str,"dro")

Str=Replace(Str,"cr"create")

Str=Replace(Str,"mod"modify")

Str=Replace(Str,"ren"rename")

Str=Replace(Str,"alt"alter")

Str=Replace(Str,"ca")

UnCheckStr=Str

EndFunction

%>