ASP filters SQL illegal characters and formats HTML code

Source: Internet
Author: User

<%
' CHANGECHR(str): converts plain text to display HTML and then expands forum-style
' bracket tags ([Red], [Big], [/sayyes], [/red], [/big]) into markup.
' NOTE(review): the listing is damaged as printed - quotes are missing around several
' arguments and the nested Replace calls do not balance, so these assignments do not
' parse. The first one looks like it mapped "<" and ">" to HTML entities and a line
' break character to "<br>", but the entity text and the Chr() argument were lost;
' restore them from the original source rather than guessing.
' NOTE(review): the bracket tags are expanded after the escaping step, so whatever a
' user writes between an opening and a closing tag ends up inside generated markup.
' "[/sayyes]" expanding to "></img></div>" suggests that text sits in an unquoted tag
' attribute - presumably an image address; validate it before trusting this on
' untrusted posts (TODO confirm against the original).
function CHANGECHR (str)
Changechr=replace (replace (replace (str, <, <), ">", ">"), Chr (+), "<br>"), "", "" "
Changechr=replace (replace (replace (CHANGECHR, [Sayyes], <div align=center>, " <b> ")," [Red] "," <font color=cc0000> ")," [Big] "," <font size=7> ")
Changechr=replace (replace (CHANGECHR, "[/sayyes]", "></img></div>"),"", "</ B> ")," [/red] "," </font> ")," [/big] "," </font> ")
End Function

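' Replace_text(fstring): trims a value, neutralises the characters that matter inside
' a SQL string literal, then HTML-encodes the result. Returns "" for Null.
'
' Changes against the printed listing:
'   - the single-quote replacement had an unterminated string literal; the replacement
'     text was lost, so the standard literal escaping (doubling the quote) is used;
'   - the ";" -> ";" replacement was a no-op as printed and is dropped;
'   - the work is done on a local copy. VBScript passes arguments ByRef by default,
'     so the printed version also rewrote the caller's variable.
'
' NOTE(review): this mixes two different jobs. Quote doubling only helps when the value
' is placed inside a quoted SQL literal; it does nothing for numeric or identifier
' positions. Prefer ADODB.Command with parameters for queries, and apply
' Server.HTMLEncode at the point where the value is written into a page.
Function Replace_text (fstring)
    Dim cleaned

    Replace_text = ""
    If IsNull(fstring) Then Exit Function

    cleaned = Trim(fstring)
    ' A single quote ends a SQL string literal; doubled, it stays inside the literal.
    cleaned = Replace(cleaned, "'", "''")
    ' Collapse the SQL line-comment opener.
    cleaned = Replace(cleaned, "--", "-")

    Replace_text = Server.HTMLEncode(cleaned)
End Function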

' Filtering of the various kinds of information submitted by members (disabled variant)
' Function replace_text (fstring)
' If not IsNull (fstring) Then
' fstring = Trim (fstring)
' fstring = replace (fstring, ";", ";")      ' semicolon filter
' fstring = replace (fstring, "--", "--") '--Filter
' fstring = replace (fstring, "%20", "")     ' special character filter
' fstring = replace (fstring, "= =", "")   & nbsp;  ' = = Filter
' fstring = replace (fstring, ' > ', ' > ')
' fstring = replace (fstring, "<", "<")
' fstring = replace (fstring, CHR (), "")    '  
' fstring = replace (fstring, CHR (9), "")     ; '  
' fstring = replace (fstring, CHR (), "" ")
' fstring = replace (fstring, CHR (39)," ' ") ' single quote filter
' fstring = Re Place (fstring, CHR (), "")
' fstring = Replace (fstring, CHR (a) & CHR (a), ' </P><P> ')
' fstring = R Eplace (Fstring, CHR (a), "<BR>")
' replace_text = fstring
' End-If
' End Function

' Checkstr(CHKSTR): returns the value with every single quote, semicolon and "--"
' removed; Null yields "".
' NOTE(review): this is a deny-list. It alters legitimate data (names containing an
' apostrophe) and gives no protection where a value is used unquoted in a statement.
' Treat it as a last-resort scrub, not as a replacement for parameterised queries.
Function Checkstr (CHKSTR)
    Dim cleaned, token

    ' Copy first so the Null test sees the plain value, as the original did.
    cleaned = CHKSTR
    If IsNull(cleaned) Then
        Checkstr = ""
        Exit Function
    End If

    For Each token In Array("'", ";", "--")
        cleaned = Replace(cleaned, token, "")
    Next
    Checkstr = cleaned
End Function

' Chkrequest(Para): True when Para is not Null, not blank after Trim, and IsNumeric
' accepts it; False otherwise.
' NOTE(review): IsNumeric accepts more than plain digits (signs, decimals, exponent
' forms). After this check, convert with CLng/CDbl and use the converted number,
' not the original string, when building a query.
Function Chkrequest (Para)
    Chkrequest = False
    If IsNull(Para) Then Exit Function
    If Trim(Para) = "" Then Exit Function
    If IsNumeric(Para) Then Chkrequest = True
End Function

' chkrequestdate(Para): True when Para is not Null, not blank after Trim, and IsDate
' accepts it; False otherwise.
' NOTE(review): IsDate follows the server's locale settings, so the set of accepted
' strings depends on the host. Convert with CDate and use the converted value afterwards.
Function chkrequestdate (Para)
    chkrequestdate = False
    If IsNull(Para) Then Exit Function
    If Trim(Para) = "" Then Exit Function
    If IsDate(Para) Then chkrequestdate = True
End Function

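' GetUrl(): rebuilds the address of the current request from the server variables
' HTTPS, SERVER_NAME, SERVER_PORT and URL plus the query string, and returns it.
'
' Changes against the printed listing: the string literals were damaged (mixed quote
' characters, a split identifier, stray "&NBSP" text) and the port comparison had lost
' its right-hand operand. The port is now compared with the default for the scheme
' (80 for http, 443 for https) and appended only when it differs.
'
' NOTE(review): the result contains request-controlled text (the query string, and the
' host name on servers that take it from the request). Checkstr only removes quote,
' semicolon and "--"; it does not make the value safe for HTML. Pass the result
' through Server.HTMLEncode when writing it into a page.
Function GetUrl ()
    Dim strtemp, scheme, defaultPort, port

    ' Best effort, as in the original: a missing variable yields a partial URL.
    On Error Resume Next

    If LCase(Request.ServerVariables("HTTPS")) = "off" Then
        scheme = "http"
        defaultPort = "80"
    Else
        scheme = "https"
        defaultPort = "443"
    End If

    strtemp = scheme & "://" & Checkstr(Request.ServerVariables("SERVER_NAME"))

    port = Trim("" & Request.ServerVariables("SERVER_PORT"))
    If port <> "" And port <> defaultPort Then
        strtemp = strtemp & ":" & Checkstr(port)
    End If

    strtemp = strtemp & Checkstr(Request.ServerVariables("URL"))
    If Trim(Request.QueryString) <> "" Then
        strtemp = strtemp & "?" & Checkstr(Trim(Request.QueryString))
    End If

    GetUrl = strtemp
End Function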

' Function checkreferer () ' Checks whether the user has entered the address of this page in the browser
' Dim Sreferer, Icheck
' Checkreferer = True
' Sreferer = Request.ServerVariables ("Http_referer")
' ServerIP = Request.ServerVariables ("local_addr")
' Icheck = InStr (Sreferer, "ServerIP")
' If icheck = 0 Then
' Checkreferer = False
' End If
' End Function

' FormatDate(DT, TP): formats the date DT with a zero-padded month and day.
'   TP = 1 -> <year>year<month>month<day>Day
'   TP = 2 -> <year>-<month>-<day>
' Any other TP leaves the return value unassigned (Empty).
Function FormatDate (DT,TP)
    Dim yearPart, monthPart, dayPart

    yearPart = Year(DT)
    ' Right("0" & n, 2) pads one-digit values and leaves two-digit values alone.
    monthPart = Right("0" & Month(DT), 2)
    dayPart = Right("0" & Day(DT), 2)

    Select Case TP
        Case 1
            FormatDate = yearPart & "year" & monthPart & "month" & dayPart & "Day"
        Case 2
            FormatDate = yearPart & "-" & monthPart & "-" & dayPart
    End Select
End Function

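' Chkpost(): True when the request's Referer header names this server, False otherwise
' (including when the header is absent). Intended to refuse form posts that were
' submitted from another site.
'
' Changes against the printed listing:
'   - the original read the host with Mid(referer, 8, ...), which only lines up after
'     "http://"; every "https://" referer was rejected;
'   - the original compared only as many characters as the server name has, so a
'     longer host that merely begins with the server name was accepted. The host is
'     now extracted in full and compared exactly, ignoring letter case;
'   - Checkstr is no longer applied: nothing here reaches SQL, and stripping
'     characters before a comparison can only make unequal values look equal.
'
' NOTE(review): the Referer header is optional and may be removed by proxies or browser
' privacy settings, so this check is a coarse filter. A per-session anti-forgery token
' verified on each post is the dependable control.
Function Chkpost ()
    Dim serverHost, refererHost

    Chkpost = False
    serverHost = LCase(Trim("" & Request.ServerVariables("SERVER_NAME")))
    refererHost = ChkpostRefererHost("" & Request.ServerVariables("HTTP_REFERER"))

    If serverHost = "" Or refererHost = "" Then Exit Function
    If refererHost = serverHost Then Chkpost = True
End Function

' Helper for Chkpost: returns the lower-cased host part of an http(s) URL, or "" when
' the value is not an http(s) URL.
Function ChkpostRefererHost (refererUrl)
    Dim rest, cut, i, ch

    ChkpostRefererHost = ""
    If LCase(Left(refererUrl, 7)) = "http://" Then
        rest = Mid(refererUrl, 8)
    ElseIf LCase(Left(refererUrl, 8)) = "https://" Then
        rest = Mid(refererUrl, 9)
    Else
        Exit Function
    End If

    ' The authority part ends at the first "/", "?" or "#".
    cut = Len(rest) + 1
    For i = 1 To Len(rest)
        ch = Mid(rest, i, 1)
        If ch = "/" Or ch = "?" Or ch = "#" Then
            cut = i
            Exit For
        End If
    Next
    rest = Left(rest, cut - 1)

    ' Drop any "user:password@" prefix so it cannot be mistaken for the host.
    i = InStrRev(rest, "@")
    If i > 0 Then rest = Mid(rest, i + 1)

    ' Drop the ":port" suffix.
    i = InStr(rest, ":")
    If i > 0 Then rest = Left(rest, i - 1)

    ChkpostRefererHost = LCase(rest)
End Function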

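' Makedownname(): returns a number made of the current timestamp (yyyymmddhhnnss)
' plus a random integer from 1 to 10, used as the base name for an uploaded file.
'
' Changes against the printed listing:
'   - the original converted Now() to text and stripped separators. That depends on
'     the server's date format, and one Replace had an empty search string as printed
'     (presumably a space), so the Int() conversion could fail. The stamp is now built
'     from the date parts directly;
'   - Randomize is called so Rnd does not repeat the same sequence on each start.
'
' NOTE(review): the result is guessable (time plus a small offset) and two uploads a
' few seconds apart can collide. Do not rely on the name being secret or unique:
' check for an existing file before saving, and keep uploads in a directory where
' scripts are not executed.
Function Makedownname ()
    Dim t, stamp

    t = Now()
    stamp = Year(t) _
        & Right("0" & Month(t), 2) _
        & Right("0" & Day(t), 2) _
        & Right("0" & Hour(t), 2) _
        & Right("0" & Minute(t), 2) _
        & Right("0" & Second(t), 2)

    Randomize
    Makedownname = CDbl(stamp) + Int((10 - 1 + 1) * Rnd + 1)
End Function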

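' IsValidEmail(email): True when the value has exactly one "@", both sides are
' non-empty, contain only letters, digits, "_", "-" and ".", do not start or end with
' ".", the domain contains a "." followed by at least two characters, and the value
' has no "..." run. False otherwise, including for Null.
'
' Changes against the printed listing:
'   - the last domain label had to be 2 or 3 characters long, which rejects longer
'     top-level domains such as the ".info" address this file itself uses as the
'     mail sender; any length of 2 or more is now accepted;
'   - digits are checked against the allowed set instead of IsNumeric;
'   - Null returns False instead of raising in Split.
'
' The character allow-list also keeps CR and LF out of the address, which matters when
' the value is later handed to a mail component as a recipient.
Function IsValidEmail (email)
    Const ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789_-."
    Dim names, name, i, c, tldLength

    IsValidEmail = False
    If IsNull(email) Then Exit Function

    names = Split(email, "@")
    If UBound(names) <> 1 Then Exit Function

    For Each name In names
        If Len(name) <= 0 Then Exit Function
        For i = 1 To Len(name)
            c = LCase(Mid(name, i, 1))
            If InStr(ALLOWED_CHARS, c) <= 0 Then Exit Function
        Next
        If Left(name, 1) = "." Or Right(name, 1) = "." Then Exit Function
    Next

    If InStr(names(1), ".") <= 0 Then Exit Function

    ' Characters after the last dot of the domain.
    tldLength = Len(names(1)) - InStrRev(names(1), ".")
    If tldLength < 2 Then Exit Function

    If InStr(email, "...") > 0 Then Exit Function

    IsValidEmail = True
End Function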

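' Sendjmail(Email, topic, mailbody): sends one HTML mail through the JMail component.
' Returns 1 when Execute reports success, 0 otherwise (including when the component
' cannot be created). Reads the page-level variable gbl_ipaddress for an extra header.
'
' Changes against the printed listing:
'   - CR and LF are removed from the recipient and the subject before they are handed
'     to the component, so a value containing a line break cannot start a new header;
'   - a failed Server.CreateObject is detected explicitly instead of relying on
'     On Error Resume Next to fall through to the failure branch.
'
' NOTE(review): the body is sent as HTML. Any user-supplied text inside mailbody should
' be HTML-encoded by the caller; validate Email (for example with IsValidEmail) first.
Function Sendjmail (Email,topic,mailbody)
    Dim JMail, recipient, subjectLine, sent

    Sendjmail = 0

    ' Header fields must stay on a single line.
    recipient = Replace(Replace("" & Email, vbCr, ""), vbLf, "")
    subjectLine = Replace(Replace("" & topic, vbCr, ""), vbLf, "")

    On Error Resume Next
    Set JMail = Server.CreateObject("Jmail.smtpmail")
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If

    JMail.LazySend = True
    JMail.Silent = True
    JMail.Charset = "gb2312"
    JMail.ContentType = "Text/html"
    JMail.Sender = "Wemaster@alibaba.info"      ' the site's own mailbox
    JMail.ReplyTo = "Wemaster@alibaba.info"     ' the site's own mailbox
    JMail.SenderName = "Ali Dad Mail Sent"
    JMail.Subject = subjectLine
    JMail.SimpleLayout = True
    JMail.Body = mailbody
    JMail.Priority = 3
    JMail.AddRecipient recipient
    JMail.AddHeader "Originating-ip", gbl_ipaddress

    sent = False
    sent = JMail.Execute()
    If Err.Number = 0 And sent = True Then Sendjmail = 1

    JMail.Close
    Set JMail = Nothing
End Function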

' listpages(Linkfile): when the recordset rs is not empty, writes a pager to the
' response: a "previous 10" link, up to ten page links starting at the current block,
' a "next 10" link, a jump <select>, and a summary line. The function name is never
' assigned, so nothing is returned.
' Reads variables that are not declared here: rs, currentpage, n, msg_per_page and
' totalrec - presumably page-level variables set by the caller (TODO confirm).
' NOTE(review): the listing is damaged as printed. Several string literals and
' parentheses do not balance, one comparison has lost its right-hand operand, and
' "ten" is presumably the literal 10; the code does not parse in this form.
' NOTE(review): Linkfile is concatenated into href and option value attributes without
' Server.HTMLEncode, and most of those attributes are unquoted. If Linkfile can carry
' request-derived text (for example the current URL with its query string), encode it
' and quote the attributes before writing.
Function listpages (Linkfile)
If not (rs.eof and RS.BOF) then
Gopage=currentpage
Totalpage=n
Blockpage=int ((gopage-1)/10) *10+1
' If InStr (Linkfile, "? page=") >0 or InStr (Linkfile, "&page=") >0 Then
' Pos=instr (linkfile, "page=")-2
' Linkfile=left (Linkfile,pos)
' End If

' Rebuild the current address; below it is used only for its length.
' NOTE(review): a lower-cased value can never equal "Off" - probably "off" originally.
If LCase (Request.ServerVariables ("HTTPS") = "Off" Then
strtemp = "http://"
Else
strtemp = "https://"
End If
strtemp = strtemp & Checkstr (Request.ServerVariables ("SERVER_NAME"))
If Request.ServerVariables ("Server_port") <> Then strtemp = strtemp & ":" & Checkstr (Request.servervaria Bles ("Server_port"))
strtemp = strtemp & Checkstr (Request.ServerVariables ("URL")
Lenstrtemp=len (strtemp) +1
' Branch on whether Linkfile already has a "?" within that length: the first branch
' appends "&page=", the second one "page=".
If InStr (Left (linkfile,lenstrtemp), "?") >0 Then

If Blockpage = 1 Then
Response.Write "<span disabled>" ← The first 10 pages </span> "
Else
Response.Write ("<span disabled>" </span><a href= "& Linkfile &" &page= "&blockPage-10 & ">← first 10 pages </a>")
End If
I=1
Do Until i > ten or Blockpage > N
If blockpage=int (gopage) Then
Response.Write ("<font color= #FF0000 >[<b>" &blockPage& "</b>]</font>")
Else
Response.Write ("<a href=" & Linkfile & "&page=" &blockPage& ">[" &blockPage& "]</a > ")
End If
Blockpage=blockpage+1
i = i + 1
Loop
If Blockpage > Totalpage Then
Response.Write "<span disabled> after 10 pages →" "
Else
Response.Write ("<a href=" & Linkfile & "&page=" &blockPage& "> 10 page →</a><span Disabled> "")
End If
Response.Write "directly to the first"
Response.Write "<select onchange=if (this.options[this.selectedindex].value!=") {location=this.options[ This.selectedindex].value;} > "
For I=1 to Totalpage
Response.Write "<option value= '" & Linkfile & "&page=" & I & "'"
If I=gopage then Response.Write "Selected"
Response.Write ">" &i& "</option>"
Next
Response.Write "</select>"
Response.Write "Page <Br><Br>"

Else

If Blockpage = 1 Then
Response.Write "<span disabled>" ← The first 10 pages </span> "
Else
Response.Write ("<span disabled>" </span><a href= "& Linkfile &"? page= "&blockPage-10&" >← First 10 page </a> ")
End If
I=1
Do Until i > ten or Blockpage > N
If blockpage=int (gopage) Then
Response.Write ("<font color= #FF0000 >[<b>" &blockPage& "</b>]</font>")
Else
Response.Write ("<a href=" & Linkfile & "page=" &blockPage& ">[" &blockPage& "]</a> ")
End If
Blockpage=blockpage+1
i = i + 1
Loop
If Blockpage > Totalpage Then
Response.Write "<span disabled> after 10 pages →" "
Else
Response.Write ("<a href=" & Linkfile & "page=" &blockPage& "> 10 page →</a><span disabled > "")
End If
Response.Write "directly to the first"
Response.Write "<select onchange=if (this.options[this.selectedindex].value!=") {location=this.options[ This.selectedindex].value;} > "
For I=1 to Totalpage
Response.Write "<option value=" "& Linkfile &" "Page=" & I & ""
If I=gopage then Response.Write "Selected"
Response.Write ">" &i& "</option>"
Next
Response.Write "</select>"
Response.Write "Page <Br><Br>"

End If

' Summary: first and last record shown on this page, capped at totalrec.
Startinfo= ((gopage-1) *msg_per_page) +1
Endinfo=gopage*msg_per_page
If Endinfo>totalrec then Endinfo=totalrec
Response.Write ("&totalrec&") information currently displays the first "&Startinfo&"-"&Endinfo&" section per page "&msg_per_page&am" p; "Piece of information Total" &n& "page")
End If
End Function

' ListPages2(Linkfile): second pager variant. When the recordset rs is not empty it
' writes a "previous 10" link, up to ten page links, a "next 10" link, a jump <select>
' and a summary line to the response. In the branch taken when Linkfile already has a
' "?", the links are written without the arrows and square brackets. The function name
' is never assigned, so nothing is returned.
' Reads variables that are not declared here: rs, currentpage, n, msg_per_page and
' totalrec - presumably page-level variables set by the caller (TODO confirm).
' NOTE(review): the listing is damaged as printed. Several string literals and
' parentheses do not balance, one comparison has lost its right-hand operand, and
' "ten" is presumably the literal 10; the code does not parse in this form.
' NOTE(review): Linkfile is concatenated into href and option value attributes without
' Server.HTMLEncode, and most of those attributes are unquoted. If Linkfile can carry
' request-derived text, encode it and quote the attributes before writing.
Function ListPages2 (Linkfile)
If not (rs.eof and RS.BOF) then
Gopage=currentpage
Totalpage=n
Blockpage=int ((gopage-1)/10) *10+1

' Rebuild the current address; below it is used only for its length.
' NOTE(review): a lower-cased value can never equal "Off" - probably "off" originally.
If LCase (Request.ServerVariables ("HTTPS") = "Off" Then
strtemp = "http://"
Else
strtemp = "https://"
End If
strtemp = strtemp & Checkstr (Request.ServerVariables ("SERVER_NAME"))
If Request.ServerVariables ("Server_port") <> Then strtemp = strtemp & ":" & Checkstr (Request.servervaria Bles ("Server_port"))
strtemp = strtemp & Checkstr (Request.ServerVariables ("URL")
Lenstrtemp=len (strtemp) +1
' Branch on whether Linkfile already has a "?" within that length: the first branch
' appends "&page=", the second one "page=".
If InStr (Left (linkfile,lenstrtemp), "?") >0 Then

If Blockpage = 1 Then
Response.Write "<span disabled> first 10 pages </span>"
Else
Response.Write ("<a href=" & Linkfile & "&page=" &blockPage-10& "> First 10 page </a>")
End If
I=1
Do Until i > ten or Blockpage > N
If blockpage=int (gopage) Then
Response.Write ("<font color= #FF0000 ><b>" &blockPage& "</b></font>")
Else
Response.Write ("<a href=" & Linkfile & "&page=" &blockPage& ">" &blockPage& "</a > ")
End If
Blockpage=blockpage+1
i = i + 1
Loop
If Blockpage > Totalpage Then
Response.Write "<span disabled> after 10 pages"
Else
Response.Write ("<a href=" & Linkfile & "&page=" &blockPage& "> 10 page </a><span Disabled> ")
End If
Response.Write "directly to the first"
Response.Write "<select onchange=if (this.options[this.selectedindex].value!=") {location=this.options[ This.selectedindex].value;} > "
For I=1 to Totalpage
Response.Write "<option value= '" & Linkfile & "&page=" & I & "'"
If I=gopage then Response.Write "Selected"
Response.Write ">" &i& "</option>"
Next
Response.Write "</select>"
Response.Write "Page <Br><Br>"

Else

If Blockpage = 1 Then
Response.Write "<span disabled>" ← The first 10 pages </span> "
Else
Response.Write ("<span disabled>" </span><a href= "& Linkfile &"? page= "&blockPage-10&" >← First 10 page </a> ")
End If
I=1
Do Until i > ten or Blockpage > N
If blockpage=int (gopage) Then
Response.Write ("<font color= #FF0000 >[<b>" &blockPage& "</b>]</font>")
Else
Response.Write ("<a href=" & Linkfile & "page=" &blockPage& ">[" &blockPage& "]</a> ")
End If
Blockpage=blockpage+1
i = i + 1
Loop
If Blockpage > Totalpage Then
Response.Write "<span disabled> after 10 pages →" "
Else
Response.Write ("<a href=" & Linkfile & "page=" &blockPage& "> 10 page →</a><span disabled > "")
End If
Response.Write "directly to the first"
Response.Write "<select onchange=if (this.options[this.selectedindex].value!=") {location=this.options[ This.selectedindex].value;} > "
For I=1 to Totalpage
Response.Write "<option value=" "& Linkfile &" "Page=" & I & ""
If I=gopage then Response.Write "Selected"
Response.Write ">" &i& "</option>"
Next
Response.Write "</select>"
Response.Write "Page <Br><Br>"

End If

' Summary: first and last record shown on this page, capped at totalrec.
Startinfo= ((gopage-1) *msg_per_page) +1
Endinfo=gopage*msg_per_page
If Endinfo>totalrec then Endinfo=totalrec
Response.Write ("&totalrec&") information currently displays the first "&Startinfo&"-"&Endinfo&" section per page "&msg_per_page&am" p; "Piece of information Total" &n& "page")
End If
End Function

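' Checkfileext(Fileext): True when the extension, compared without regard to letter
' case, is one of gif, jpg, bmp, jpeg, png; False otherwise, including for Null.
'
' Change against the printed listing: the comparison line was missing a closing
' parenthesis and did not parse.
'
' NOTE(review): an allow-list is the right shape for upload checks. Pass the text after
' the LAST dot of the file name, without the dot. The input is deliberately not
' trimmed: an extension with trailing spaces or dots is rejected rather than
' normalised. The extension says nothing about the file's content.
Function Checkfileext (Fileext)
    Dim allowed, item

    Checkfileext = False
    If IsNull(Fileext) Then Exit Function

    allowed = Split("Gif,jpg,bmp,jpeg,png", ",")
    For Each item In allowed
        If LCase(Fileext) = LCase(Trim(item)) Then
            Checkfileext = True
            Exit Function
        End If
    Next
End Function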
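' Fixname(Upfileext): lower-cases an upload extension and removes NUL characters, dots
' and the script extensions asp, asa, aspx, cer, cdx and htr from it. Returns Empty
' when the argument is Empty or Null.
'
' Changes against the printed listing:
'   - two search strings had lost their quotes, and several were capitalised although
'     the value is lower-cased first, so those case-sensitive replacements could never
'     match;
'   - "aspx" is removed before "asp" (in the printed order the aspx rule was dead);
'   - removal repeats until the value stops changing. A single pass can leave a
'     blocked token behind when removing one occurrence joins the characters around it.
'
' NOTE(review): rewriting a bad extension is weaker than refusing it. Use the
' allow-list check (Checkfileext) to decide whether to accept the upload.
Function Fixname (Upfileext)
    Dim blocked, token, before

    If IsEmpty(Upfileext) Then Exit Function
    If IsNull(Upfileext) Then Exit Function

    Fixname = LCase(Upfileext)
    blocked = Array(Chr(0), ".", "aspx", "asp", "asa", "cer", "cdx", "htr")

    Do
        before = Fixname
        For Each token In blocked
            Fixname = Replace(Fixname, token, "")
        Next
    Loop Until Fixname = before
End Function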
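' Checkfiletype(FileType): True when the given content type, trimmed and lower-cased,
' starts with "image/"; False otherwise, including for Null.
'
' Change against the printed listing: the condition was missing a closing parenthesis
' and did not parse. Null is now handled without raising in CStr.
'
' NOTE(review): the content type of an upload is supplied by the client. This check
' filters honest mistakes only; it is not evidence of what the file contains.
Function Checkfiletype (FileType)
    Dim normalized

    Checkfiletype = False
    normalized = LCase(Trim("" & FileType))
    If Left(normalized, 6) = "image/" Then Checkfiletype = True
End Function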
%>


