Security | functions | strings
'--------------------------------------------------------------------------
' Role: Secure string detection function
' Name: Safecheck
' Parameter: checkstring,checktype,checklength
Description
' Checkstring to detect string: any character.
' Checktype detection type 0 normal short character 1 digit 2nd period 3 Money 4 encoded HTML5 decoding HTML6 login string 7 anti-attack detection
' Checklength detection type length: type int, position of decimal point when money is
' Return value: If the correct string is returned by detection,
' Return error code if not passed system_error| Error_code
' Script writen by:snowdu (Duche. NET)
' web:http://www.snsites.com/
'--------------------------------------------------------------------------
function Safecheck (checkstring,checktype,checklength)
On Error Resume Next
errorroot= "system_error|"
If checkstring= "" Then
safecheck=errorroot& "00001"
Exit function
End If
Checkstring=replace (checkstring, "'", "" ")
Select Case Checktype
Case 0
Checkstring=trim (checkstring)
Safecheck=left (Checkstring,checklength)
Case 1
If not isnumberic (checkstring) Then
safecheck=errorroot& "00002"
Exit function
Else
Safecheck=left (Checkstring,checklength)
End If
Case 2
Tempvar=isdate (checkstring)
If not TempVar then
safecheck=errorroot& "00003"
Exit function
Else
Select Case Checklength
Case 0
Safecheck=formatdatetime (Checkstring,vbshortdate)
Case 1
Safecheck=formatdatetime (Checkstring,vblongdate)
Case 2
Safecheck=checkstring
End Select
End If
Case 3
Tempvar=formatcurrency (checkstring,0)
If Err Then
safecheck=errorroot& "00004"
Exit function
Else
Safecheck=formatcurrency (Checkstring,checklength)
End If
Case 4
Stemp = checkstring
If IsNull (stemp) = True Then
safecheck=errorroot& "00005"
Exit Function
End If
Stemp = Replace (Stemp, "&", "&")
Stemp = Replace (Stemp, "<", "<")
Stemp = Replace (stemp, ">", ">")
Stemp = Replace (Stemp, Chr (34), "" ")
Stemp = Replace (Stemp, Chr (), "<br>")
Safecheck = Left (stemp,checklength)
Case 5
Stemp = checkstring
If IsNull (stemp) = True Then
safecheck=errorroot& "00006"
Exit Function
End If
Stemp = Replace (Stemp, "&", "&")
Stemp = Replace (Stemp, "<", "<")
Stemp = Replace (stemp, ">", ">")
Stemp = Replace (Stemp, "" ", Chr (34))
Stemp = Replace (stemp, "<br>", Chr (10))
Safecheck = Left (stemp,checklength)
Case 6
S_badstr = "' &<>?%,;:() ' ~!@#$^*{}[]|+-= ' & Chr (+) & Chr (9) & Chr (32)
n = Len (S_BADSTR)
Issafestr = True
For i = 1 to n
If Instr (checkstring, Mid (S_badstr, I, 1)) > 0 Then
Issafestr = False
End If
Next
If Issafestr Then
Safecheck=left (Checkstring,checklength)
Else
safecheck=errorroot& "00007"
Exit Function
End If
Case 7
s_filter= "Net user|xp_cmdshell|/add|select|count|asc|char|mid| ' |" | "|"
s_filter=s_filter& "insert|delete|drop|truncate|from|%| declare|-"
S_filters=split (S_filter, "|")
Isfound=false
For i=0 to UBound (s_filters)-1
If Instr (LCase (checkstring), LCase (S_filters (i)) <>0 then
Isfound=true
Exit For
End If
Next
If Isfound Then
safecheck=errorroot& "00008"
Exit Function
Else
Safecheck=left (Checkstring,checklength)
End If
End Select
End Function