复制代码 代码如下:

'**************************************************

'函数名：R

'作 用：过滤非法的SQL字符

'参 数：strChar-----要过滤的字符

'返回值：过滤后的字符

'**************************************************

Public Function R(strChar)

If strChar = "" Or IsNull(strChar) Then R = "":Exit Function

Dim strBadChar, arrBadChar, tempChar, I

'strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""

strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,,;,:," & Chr(34) & "," & Chr(0) & ""

arrBadChar = Split(strBadChar, ",")

tempChar = strChar

For I = 0 To UBound(arrBadChar)

tempChar = Replace(tempChar, arrBadChar(I), "")

Next

tempChar = Replace(tempChar, "@@", "@")

R = tempChar

End Function

'过滤xss

Function CheckXSS(ByVal strCode)

Dim Re

Set re=new RegExp

re.IgnoreCase =True

re.Global=True

re.Pattern="<.[^>]*(style).>"

strCode = re.Replace(strCode, "")

re.Pattern="<(a.[^>]*|/a|li|br|B|/li|/B|font.[^>]*|/font)>"

strCode=re.Replace(strCode,"[$1]")

strCode=Replace(Replace(strCode, "<", "<"), ">", ">")

re.Pattern="[(a.[^]]*|/a|li|br|B|/li|/B|font.[^]]*|/font)]"

strCode=re.Replace(strCode,"<$1>")

re.Pattern="<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)).>"

strCode = re.Replace(strCode, "")

Set Re=Nothing

CheckXSS=strCode

End Function

Function FilterIDs(byval strIDs)

Dim arrIDs,i,strReturn

strIDs=Trim(strIDs)

If Len(strIDs)=0 Then Exit Function

arrIDs=Split(strIDs,",")

For i=0 To Ubound(arrIds)

If ChkClng(Trim(arrIDs(i)))<>0 Then

strReturn=strReturn & "," & Int(arrIDs(i))

End If

Next

If Left(strReturn,1)="," Then strReturn=Right(strReturn,Len(strReturn)-1)

FilterIDs=strReturn

End Function