'**************************************************
' Function name: R
' Function: Filter illegal SQL characters
' Parameters: Strchar-----The characters to filter
' Return value: Filtered character
'**************************************************
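Public Function R(Strchar)
    ' Remove a fixed deny-list of characters and sequences from Strchar and
    ' return what is left. Null or empty input yields "".
    '
    ' Parameters: Strchar - the value to filter.
    ' Returns:    the filtered string.
    '
    ' Security note: this is a character deny-list, not a SQL-injection
    ' defence on its own. It silently alters legitimate data (for example
    ' names containing an apostrophe) and does nothing for values placed in
    ' a numeric context. Bind values through parameterized commands
    ' (ADODB.Command parameters) and keep this filter, at most, as an
    ' extra layer.
    If Strchar = "" Or IsNull(Strchar) Then
        R = ""
        Exit Function
    End If

    Dim Strbadchar, Arrbadchar, Tempchar, Prevchar, I

    ' An earlier variant of this list also stripped "$" and "#" and did not
    ' include "+" or "--".
    ' NOTE(review): the listing printed Chr(+) and stray spaces inside this
    ' literal, which is not valid VBScript; Chr(34) (the double quote) is
    ' assumed here -- confirm against the original source.
    Strbadchar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0)
    Arrbadchar = Split(Strbadchar, ",")
    Tempchar = Strchar

    ' Repeat until a pass changes nothing. In a single pass, removing a later
    ' entry can bring together characters that form an earlier entry (such as
    ' "--"), and collapsing "@@" once can leave another "@@" behind. Every
    ' pass only shortens the string, so the loop terminates.
    Do
        Prevchar = Tempchar
        For I = 0 To UBound(Arrbadchar)
            Tempchar = Replace(Tempchar, Arrbadchar(I), "")
        Next
        Tempchar = Replace(Tempchar, "@@", "@")
    Loop Until Tempchar = Prevchar

    R = Tempchar
End Function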
' Filter XSS
Function CHECKXSS (ByVal strcode)
' Runs a fixed sequence of regular-expression and string replacements over
' strcode and returns the result.
'
' NOTE(review): this listing appears to have been damaged in extraction
' (spaces after "Re.", spaces inside the pattern strings). The code lines are
' left exactly as printed; restore them from the original source before use.
'
' Security note: the tag handling is an allow-list, but the "a" and "font"
' alternatives accept any attribute text up to the closing bracket, and the
' last step removes only the handler names it lists. Treat the function as a
' partial cleanup, not as a complete XSS defence. Where markup is not needed,
' encode on output (Server.HTMLEncode) instead.
Dim Re
Set re=new REGEXP
' Case-insensitive, replace every match rather than only the first.
Re. IgnoreCase =true
Re. Global=true
' Step 1: delete any match of a pattern built around the word "Style".
Re. Pattern= ". [^>]* (Style) .> "
Strcode = Re. Replace (Strcode, "")
' Step 2: match the permitted tags (a, /a, li, br, b, /li, /b, font, /font)
' and rewrite them to a square-bracket placeholder.
' NOTE(review): the replacement is printed as "[$]"; step 4 uses "<$1>", so
' this was presumably "[$1]" -- confirm.
Re. Pattern= "< (a.[^>]*|\/a|li|br| B|\/li|\/b|font. [^>]*|\/font) > "
Strcode=re. Replace (Strcode, "[$]")
' Step 3: as printed this replaces "<" with "<" and ">" with ">", which
' changes nothing. Presumably the targets were the HTML entities for those
' characters and were decoded during extraction -- confirm. Without the
' encoding, every tag that step 2 did not match passes through unchanged.
Strcode=replace (Replace (Strcode, "<", "<"), ">", ">")
' Step 4: turn the square-bracket placeholders back into angle-bracket tags.
Re. Pattern= "\[(a.[^\]]*|\/a|li|br| B|\/li|\/b|font. [^\]] *|\/font) \] "
Strcode=re. Replace (Strcode, "<$1>")
' Step 5: delete any match containing one of the listed "on..." handler names.
' NOTE(review): the list spells "dbclick"; the DOM event is "dblclick", so
' that handler is not covered as written.
Re. Pattern= ". [^>]* (On (Load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus)). > "
Strcode = Re. Replace (Strcode, "")
Set re=nothing
Checkxss=strcode
End Function
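Function Filterids(ByVal strids)
    ' Reduce a comma-separated list to the elements that chkclng accepts
    ' (non-zero result) and return them as a comma-separated string of
    ' integers.
    '
    ' Parameters: strids - comma-separated list of candidate ids.
    ' Returns:    the accepted ids joined with ","; nothing is assigned when
    '             the trimmed input is empty, and the result is empty when no
    '             element is accepted.
    '
    ' NOTE(review): chkclng is defined outside this listing; it presumably
    ' returns 0 for non-numeric input -- confirm. The appended value is
    ' re-parsed with Int() from the element rather than taken from chkclng's
    ' result, so the two should be checked to agree.
    ' An id of 0 is dropped by the <> 0 test.
    ' If the result is spliced into an "IN (...)" list, the caller has to
    ' handle the empty result explicitly.
    Dim Arrids, i, strreturn, strid

    strids = Trim(strids)
    If Len(strids) = 0 Then Exit Function

    Arrids = Split(strids, ",")
    For i = 0 To UBound(Arrids)
        strid = Trim(Arrids(i))
        ' The listing printed this call with an unbalanced parenthesis;
        ' the closing parenthesis of chkclng(...) is restored here.
        If chkclng(strid) <> 0 Then
            strreturn = strreturn & "," & Int(strid)
        End If
    Next

    ' Drop the leading separator added by the first accepted element.
    If Left(strreturn, 1) = "," Then strreturn = Mid(strreturn, 2)
    Filterids = strreturn
End Function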