'**************************************************
' Function name: Replacebadchar
' Function: Filter illegal SQL characters
' Parameters: Strchar-----The characters to filter
' Return value: Filtered character
'**************************************************
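Function Replacebadchar (Strchar)
    ' Returns Strchar with every character in a fixed blocklist removed.
    ' Null or empty input returns "".
    '
    ' The published nested Replace(...) line has unbalanced parentheses and
    ' quotes and cannot be parsed, so the blocklist is applied in a loop.
    '
    ' Security caveat: stripping characters does not make a value safe to
    ' concatenate into a SQL statement. Pass values through ADODB.Command
    ' parameters and treat this filter as defense in depth only.
    Dim cleaned, badChars, i

    ' Replace raises "Invalid use of Null" on Null input, so stop early.
    If IsNull(Strchar) Then
        Replacebadchar = ""
        Exit Function
    End If
    If Strchar = "" Then
        Replacebadchar = ""
        Exit Function
    End If

    ' NOTE(review): the listing's first search string is empty ("") and the
    ' last one reads "% "; both look like extraction damage. The single quote
    ' and a bare percent sign are assumed here. Confirm against the original.
    badChars = Array("'", "*", "?", "(", ")", "<", ".", "%")

    cleaned = Strchar
    For i = 0 To UBound(badChars)
        cleaned = Replace(cleaned, badChars(i), "")
    Next
    Replacebadchar = cleaned
End Function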
' **************************************************
' Function name: Checkbadchar
' Function: Check for illegal characters
' Parameters: Strchar-----The characters to check
' Return value: True if the checked characters contain an illegal character
' Note: Designed by Jeanun
' *******************************
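Function Checkbadchar (strchar)
    ' Returns True when strchar contains any character from the blocklist
    ' below, otherwise False. Null input returns False.
    '
    ' Fixes to the published If-line:
    '   - " % " and "? " carried stray spaces, so a bare % or ? was not caught;
    '   - one test called Chr with no argument, which is a runtime error;
    '   - the comma was tested twice.
    '
    ' Security caveat: a character blocklist is easy to get wrong or incomplete.
    ' Prefer allow-list validation (such as the numeric check in Saferequest)
    ' together with parameterized queries.
    Dim badChars, i

    ' NOTE(review): Chr(34) (double quote) is an assumption for the Chr call
    ' whose argument is missing in the listing. Confirm against the original.
    badChars = Array("=", "%", "?", "&", ";", ",", "'", Chr(34), Chr(9), "$")

    Checkbadchar = False
    ' InStr on Null returns Null, so decide explicitly instead.
    If IsNull(strchar) Then Exit Function

    For i = 0 To UBound(badChars)
        If InStr(strchar, badChars(i)) > 0 Then
            Checkbadchar = True
            Exit Function
        End If
    Next
End Function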
' **************************************************
' Function name: Saferequest
' Function: Safe request, only accepts [number]
' Parameters: Strchar-----field name
' Return value: The value read, after checking
' Note: Designed by Jeanun
' ****************************
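Function Saferequest (strchar)
    ' Reads the request field named by strchar, trims it, and returns it only
    ' if it passes Checkbadchar and IsNumeric. Otherwise it writes a client-side
    ' alert, sends the browser back one page and ends the response.
    '
    ' Fixes to the published code:
    '   - Trim (Request ("& Strchar &") had unbalanced parentheses and looked up
    '     a literal name instead of the field named by the argument;
    '   - the value is kept in a local, because VBScript passes arguments ByRef
    '     and assigning to strchar overwrote the caller's variable;
    '   - the script called History.go, but JavaScript is case-sensitive and
    '     the object is history.
    '
    ' Security caveats:
    '   - Request(name) searches QueryString, Form, Cookies, ClientCertificate
    '     and ServerVariables in that order. Read Request.QueryString or
    '     Request.Form directly when the source of the value matters.
    '   - IsNumeric also accepts values such as "-5", "1.5" and "1e3". Convert
    '     with CLng (or similar) before use if an integer id is expected, and
    '     still pass it to SQL as a parameter.
    Dim fieldValue

    fieldValue = Trim(Request(strchar))

    If Checkbadchar(fieldValue) Or Not IsNumeric(fieldValue) Then
        ' Static message only: no request data is echoed into the page.
        Response.Write ("<script >alert (' Do not attempt to do a site unconventional operation '); history.go(-1); </script> ")
        Response.End
    Else
        Saferequest = fieldValue
    End If
End Function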