Filter invalid SQL characters


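/// <summary>
/// Strips a fixed blacklist of SQL-injection markers from <paramref name="str"/>:
/// the single quote, the semicolon, the tautology "1=1", the pipe and the
/// angle brackets. Tokens are removed in that order, as in the original.
/// </summary>
/// <remarks>
/// NOTE(review): blacklist stripping is NOT a defence against SQL injection.
/// Comment sequences, CHAR()/CONCAT payloads, numeric contexts and many other
/// vectors pass straight through, and legitimate input such as "O'Brien" is
/// silently corrupted. Treat this as a last-resort sanitiser only; the real
/// fix is parameterised queries (SqlParameter) for SQL and HTML encoding at
/// the point of output.
/// The extracted original matched "1 = 1 ", "| " and "> " with embedded or
/// trailing spaces, so a bare "1=1", "|" or ">" slipped through; the tokens
/// below are the evidently intended ones.
/// </remarks>
/// <param name="str">Untrusted input; may be null.</param>
/// <returns>
/// The input with every blacklisted token removed, or "" when
/// <paramref name="str"/> is null (the original threw NullReferenceException).
/// </returns>
public string filtRiskChar(string str)
{
    if (str == null)
    {
        return "";
    }

    string[] blacklist = { "'", ";", "1=1", "|", "<", ">" };

    string s = str;
    foreach (string token in blacklist)
    {
        s = s.Replace(token, "");
    }
    return s;
}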



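/**
 * Rejects a request parameter that contains any of a fixed blacklist of
 * SQL-injection markers: the single quote, the semicolon, the tautology
 * "1 = 1" (only with exactly that spacing - "1=1" is not caught), the pipe
 * and the angle brackets.
 *
 * <p>NOTE(review): a blacklist is not a defence against SQL injection; it
 * misses comment sequences, CHAR()/CONCAT payloads, numeric contexts and
 * alternative spellings, and it rejects legitimate input such as "O'Brien".
 * Bind user data with {@code PreparedStatement} parameters instead, and
 * HTML-encode it at the point of output. The diagnostic is written to
 * stdout as in the original; a real application should log it.</p>
 *
 * @param para untrusted parameter value; {@code null} is treated as clean
 *             (the original threw a NullPointerException)
 * @return {@code true} when no blacklisted token occurs in {@code para},
 *         {@code false} otherwise
 */
public boolean checkParameter(String para) {
    if (para == null) {
        return true;
    }

    // Equivalent to the original "sum of indexOf()+1 != 0" trick: any hit
    // contributes a positive value, so the flag is non-zero iff a token occurs.
    String[] blacklist = { "'", ";", "1 = 1", "|", "<", ">" };
    for (String token : blacklist) {
        if (para.contains(token)) {
            System.out.println("illegal character submitted !!! ");
            return false;
        }
    }
    return true;
}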

//////////////////////////////////////// ////////////////////////////////////////

'Filter invalid SQL characters and format html code
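' Replace_Text: prepare an untrusted string for inclusion in a quoted SQL
' literal AND in an HTML page in one pass: trims it, doubles single quotes
' (the SQL string-literal escape), collapses the "--" comment marker to "-"
' and finally runs it through Server.HTMLEncode. Null yields "".
'
' NOTE(review): this is input-side sanitising, not a real defence. Doubling
' quotes only helps when the value lands inside a quoted SQL literal; numeric
' contexts, LIKE patterns and SQL built elsewhere stay injectable. Prefer
' ADODB.Command parameters for SQL and encode for HTML at the point of
' output - storing HTML-encoded text corrupts the data for every non-HTML
' consumer. Server.HTMLEncode does not encode the single quote, so the
' doubled quotes survive into the result.
'
' The extracted original also did Replace(fString, ";", ";"), which as
' printed is a no-op (the target was presumably a full-width semicolon lost
' in transcription) and is therefore dropped here, and it spelled the last
' call "server.html encode", which does not parse.
Function Replace_Text(fString)
    If IsNull(fString) Then
        Replace_Text = ""
        Exit Function
    End If
    fString = Trim(fString)
    ' SQL string-literal escape: ' -> ''
    fString = Replace(fString, "'", "''")
    ' Neutralise the T-SQL line-comment marker.
    fString = Replace(fString, "--", "-")
    ' Encode < > & " so the value can be echoed into a page.
    fString = Server.HTMLEncode(fString)
    Replace_Text = fString
End Function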

' changechr: converts a stored message to HTML - as printed here it encodes
' "<" and ">" as entities, turns CR into <br> and (apparently) a space into
' &nbsp;, then expands BBCode-style [sayyes]...[/sayyes], [red] and [big]
' markers into HTML.
'
' NOTE(review): this copy is corrupted by extraction - the Replace chains on
' the three lines below have unbalanced parentheses and missing arguments, so
' the function will not parse; recover it from the original source before
' use. The [/sayyes] expansion ends with "></img></div>", which suggests
' [sayyes]...[/sayyes] wraps user text into an <img src=...> tag; if so, that
' URL must be restricted to http(s) and attribute-encoded or it is an XSS
' vector (cannot be confirmed from this fragment).
Function changechr (str)
Changechr = replace (str, "<", "& lt;"), ">", "& gt;"), chr (13 ), "<br>"), "", "& nbsp ;")
Changechr = replace (changechr, "[sayyes]", "<div align = center> ")
Changechr = replace (changechr, "[/sayyes]", "> </img> </div> "),"", "</B>"), "[/red]", "</font>"), "[/big]", "</font> ")
End function

 

'Filtering various information published by Members
'(commented-out earlier variant of Replace_Text; as printed, several of its
' Replace targets - ";" to ";", "--" to "--", CHR(39) to "'" - are no-ops,
' presumably because full-width substitute characters were lost in
' transcription. Like the live version it HTML-encodes at input time.)
'Function Replace_Text (fString)
'If Not IsNull (fString) Then
'Fstring = trim (fString)
'Fstring = replace (fString, ";", ";") 'semicolon Filter
'Fstring = replace (fString, "--", "--") '-- Filter
'Fstring = replace (fString, "% 20", "") 'special character filtering
'Fstring = replace (fString, "=", "") '= Filter
'Fstring = replace (fString, ">", "& gt ;")
'Fstring = replace (fString, "<", "& lt ;")
'Fstring = Replace (fString, CHR (32), "") '& nbsp;
'Fstring = Replace (fString, CHR (9), "") '& nbsp;
'Fstring = Replace (fString, CHR (34), "& quot ;")
'Fstring = Replace (fString, CHR (39), "'")' single quotation mark Filtering
'Fstring = Replace (fString, CHR (13 ),"")
'Fstring = Replace (fString, CHR (10) & CHR (10), "</P> <P> ")
'Fstring = Replace (fString, CHR (10), "<BR> ")
'Replace _ Text = fString
'End If
'End Function

'Filter invalid SQL characters
' checkStr: strip the single quote, the semicolon and the "--" comment marker
' from a value before it is concatenated into SQL. Null yields "".
'
' NOTE(review): this removes rather than escapes, so it corrupts legitimate
' input containing those characters, and it does nothing for injection in
' numeric contexts or through other payloads. It also leaves <, >, " and &
' untouched, so the result is NOT safe to echo into HTML. Use parameterised
' ADODB.Command objects for SQL and Server.HTMLEncode at output instead.
Function checkStr(Chkstr)
    Dim cleaned
    If IsNull(Chkstr) Then
        checkStr = ""
    Else
        cleaned = Replace(Chkstr, "'", "")
        cleaned = Replace(cleaned, ";", "")
        checkStr = Replace(cleaned, "--", "")
    End If
End Function

'Check whether the passed parameter is Numeric
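' Chkrequest: True when Para is present, non-blank and numeric; False for
' Null, empty/whitespace-only or non-numeric values.
'
' NOTE(review): IsNumeric is permissive - it accepts "1e3", "&H1F", "$1,000",
' signs and surrounding spaces - so True does not mean "digits only". For an
' integer id that is concatenated into SQL, additionally convert with CLng
' inside an error handler, or require ^\d+$ with a RegExp.
'
' The extracted original lost the closing quote of the empty-string literal
' in this condition; it is restored here.
Function Chkrequest(Para)
    Chkrequest = False
    ' VBScript does not short-circuit Or, but Trim and IsNumeric tolerate
    ' Null and Empty, so a single expression is safe.
    If Not (IsNull(Para) Or Trim(Para) = "" Or Not IsNumeric(Para)) Then
        Chkrequest = True
    End If
End Function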

'Check whether the passed parameter is of the date type
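' Chkrequestdate: True when Para is present, non-blank and parses as a date;
' False for Null, empty/whitespace-only or non-date values.
'
' NOTE(review): IsDate is locale-dependent and accepts many free-form inputs
' ("1/2/3", "noon", times without dates). A True result means CDate will not
' fail, not that the value is in the format the caller expects; convert with
' CDate and format explicitly before using it in SQL rather than
' concatenating the raw string.
'
' The extracted original lost the closing quote of the empty-string literal
' in this condition; it is restored here.
Function Chkrequestdate(Para)
    Chkrequestdate = False
    ' Or does not short-circuit in VBScript; Trim and IsDate tolerate Null
    ' and Empty, so this is safe as one expression.
    If Not (IsNull(Para) Or Trim(Para) = "" Or Not IsDate(Para)) Then
        Chkrequestdate = True
    End If
End Function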

'Get the address of the current page
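' GetUrl: reconstruct the URL of the current request as
' scheme://host[:port]/path[?query], passing each component through checkStr.
'
' NOTE(review): SERVER_NAME (when IIS derives it from the Host header) and
' QUERY_STRING are client-controlled, and checkStr only strips ', ; and --,
' so the result is NOT HTML-safe: Server.HTMLEncode it before echoing it into
' a page or attribute, and do not use it for redirects or origin checks.
' checkStr will also mangle legitimate query strings containing ";".
'
' Fixes relative to the extracted original: the ServerVariables keys carried
' trailing spaces ("SERVER_NAME " etc.), which would look up nothing; and the
' port was compared against 80 regardless of scheme, so every https URL
' carried a redundant ":443".
Function GetUrl()
    On Error Resume Next   ' kept from the original: any failure yields a partial URL rather than an error
    Dim strTemp, strScheme, strPort, defaultPort
    If LCase(Request.ServerVariables("HTTPS")) = "off" Then
        strScheme = "http://"
        defaultPort = "80"
    Else
        strScheme = "https://"
        defaultPort = "443"
    End If
    strTemp = strScheme & checkStr(Request.ServerVariables("SERVER_NAME"))
    ' Only append an explicit port when it is not the scheme default.
    strPort = Trim(Request.ServerVariables("SERVER_PORT") & "")
    If strPort <> "" And strPort <> defaultPort Then
        strTemp = strTemp & ":" & checkStr(strPort)
    End If
    strTemp = strTemp & checkStr(Request.ServerVariables("URL"))
    If Trim(Request.QueryString) <> "" Then
        strTemp = strTemp & "?" & checkStr(Trim(Request.QueryString))
    End If
    GetUrl = strTemp
End Function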

'Function CheckReferer () 'checks whether the user has entered the address on this page in the browser.
'NOTE(review): as written, the InStr below searches for the literal text "ServerIP" rather than the
'value of the ServerIP variable, so it never matches a real address; and HTTP_REFERER is supplied by
'the client and can be absent or forged at will, so a Referer check is no substitute for a CSRF token.
'Dim sReferer, Icheck
'Checkreferer = True
'Sreferer = Request. ServerVariables ("HTTP_REFERER ")
'Serverip = Request. ServerVariables ("LOCAL_ADDR ")
'Icheck = InStr (sReferer, "ServerIP ")
'If Icheck = 0 Then
'Checkreferer = False
'End If
'End Function

'Date formatting
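' FormatDate: format DT as Y & "year" & MM & "month" & DD & "day" (tp = 1)
' or "Y-MM-DD" (tp = 2), zero-padding month and day to two digits. Any other
' tp leaves the return value Empty, as in the original; a DT that is not a
' date raises a runtime error from Year().
'
' NOTE(review): the literals "year"/"month"/"day" in case 1 look like a
' machine translation of the original suffixes (likely CJK characters);
' restore the intended text from the source before reuse.
'
' The extracted original put each Case's statement on the Case line without
' a ":" separator, which does not parse; the layout is fixed here.
Function FormatDate(DT, tp)
    Dim Y, M, D
    Y = Year(DT)
    M = Month(DT)
    D = Day(DT)
    If M < 10 Then M = "0" & M
    If D < 10 Then D = "0" & D
    Select Case tp
        Case 1
            FormatDate = Y & "year" & M & "month" & D & "day"
        Case 2
            FormatDate = Y & "-" & M & "-" & D
    End Select
End Function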
