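/**
 * Removes a fixed denylist of characters/sequences from {@code str}.
 *
 * Tokens removed, in order: ' ; "1 = 1" | < > — the same list that
 * {@code checkParameter} tests for (the original listing had trailing spaces
 * on some of them, which made the two lists disagree). The "1 = 1" token is
 * copied as it appears in this listing; its spacing may be an extraction
 * artifact — confirm against the original source.
 *
 * This is a denylist, not a sanitiser: it cannot make a value safe to splice
 * into SQL or HTML (numeric contexts, comment syntax and keywords are not
 * covered). Use parameterised queries and context-specific output encoding;
 * treat this as defence in depth only. Removal is a single sequential pass
 * per token, so a multi-character token split by a later-removed character
 * is not re-checked.
 *
 * @param str input text; {@code null} is treated as "" (the original
 *            dereferenced it and would have thrown NullPointerException)
 * @return {@code str} with every listed token removed
 */
public static String filtRiskChar(String str) {
    if (str == null) {
        return "";
    }
    String cleaned = str;
    for (String token : new String[] {"'", ";", "1 = 1", "|", "<", ">"}) {
        cleaned = cleaned.replace(token, "");
    }
    return cleaned;
}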
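/**
 * Reports whether {@code para} contains none of the denylisted tokens
 * (' ; "1 = 1" | < > — the same list {@code filtRiskChar} removes).
 *
 * The original summed {@code indexOf(token) + 1} over all tokens and tested
 * the sum for non-zero; that is equivalent to "any token present" but
 * obscure, so it is written as a plain scan here. When a token is found the
 * original's message is still printed to stdout and {@code false} returned.
 *
 * A denylist check is not a substitute for parameterised queries or output
 * encoding; it only rejects a handful of known characters.
 *
 * @param para value to check; {@code null} is rejected (returns
 *             {@code false}) instead of throwing NullPointerException —
 *             fail closed for a missing parameter
 * @return {@code true} when no token occurs in {@code para}
 */
public static boolean checkParameter(String para) {
    if (para == null) {
        return false;
    }
    for (String token : new String[] {"'", ";", "1 = 1", "|", "<", ">"}) {
        if (para.contains(token)) {
            // message text kept byte-for-byte from the original
            System.out.println("illegal character submitted !!! ");
            return false;
        }
    }
    return true;
}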
//////////////////////////////////////// ////////////////////////////////////////
'Filter invalid SQL characters and HTML-encode the text
' Normalises a submitted value: trims it, doubles single quotes (SQL string-
' literal escaping), substitutes ";" and "--" with the replacements shown on
' the page, then HTML-encodes the result. Null yields "".
' NOTE(review): the ";" -> ";" pair reads as a no-op in this listing; the
' target was presumably a look-alike character that the listing lost —
' confirm against the original source.
' Quote doubling only protects a quoted SQL string literal (not numeric
' contexts) and "--" -> "-" does not cover other comment forms, so this is
' defence in depth only: use parameterised ADO Command objects for SQL.
' Because HTMLEncode runs last, the value is stored already HTML-escaped;
' do not encode it a second time on output unless it is stored raw elsewhere.
' VBScript passes arguments ByRef by default, so a variable passed as fString
' is itself rewritten — kept as in the original.
Function Replace_Text(fString)
    If IsNull(fString) Then
        Replace_Text = ""
    Else
        fString = Trim(fString)
        fString = Replace(fString, "'", "''")
        fString = Replace(fString, ";", ";")
        fString = Replace(fString, "--", "-")
        fString = Server.HTMLEncode(fString)
        Replace_Text = fString
    End If
End Function
' Converts stored text to HTML: escapes "<" and ">", turns CR into <br> and
' expands a small set of [tag] markers ([sayyes], [/sayyes], [/red], [/big])
' into HTML fragments.
' NOTE(review): the nested Replace(...) calls below lost their opening
' parentheses and at least two search strings in this listing ("" -> "& nbsp ;"
' and "" -> "</B>"); the text does not run as written and must be checked
' against the original source before reuse. Left byte-identical here.
' NOTE(review): "[/sayyes]" is replaced with "> </img> </div>", i.e. the closer
' of an <img ...> tag, but no matching <img opener survives in the listing.
' If user text is placed inside that tag's attribute, it is an HTML-attribute
' injection point — verify and apply attribute encoding before any expansion.
Function changechr (str)
Changechr = replace (str, "<", "& lt;"), ">", "& gt;"), chr (13 ), "<br>"), "", "& nbsp ;")
Changechr = replace (changechr, "[sayyes]", "<div align = center> ")
Changechr = replace (changechr, "[/sayyes]", "> </img> </div> "),"", "</B>"), "[/red]", "</font>"), "[/big]", "</font> ")
End function
'Filter the content submitted by members
'Function Replace_Text (fString)
'If Not IsNull (fString) Then
'Fstring = trim (fString)
'Fstring = replace (fString, ";", ";") 'semicolon Filter
'Fstring = replace (fString, "--", "--") '-- Filter
'Fstring = replace (fString, "% 20", "") 'special character filtering
'Fstring = replace (fString, "=", "") '= Filter
'Fstring = replace (fString, ">", "& gt ;")
'Fstring = replace (fString, "<", "& lt ;")
'Fstring = Replace (fString, CHR (32), "") '& nbsp;
'Fstring = Replace (fString, CHR (9), "") '& nbsp;
'Fstring = Replace (fString, CHR (34), "& quot ;")
'Fstring = Replace (fString, CHR (39), "'")' single quotation mark Filtering
'Fstring = Replace (fString, CHR (13 ),"")
'Fstring = Replace (fString, CHR (10) & CHR (10), "</P> <P> ")
'Fstring = Replace (fString, CHR (10), "<BR> ")
'Replace _ Text = fString
'End If
'End Function
'Filter invalid SQL characters
' Removes "'", ";" and "--" from Chkstr; Null yields "". The caller's value
' is not modified (a local copy is used, as in the original).
' Single-character tokens are removed first, so a "--" that is only formed by
' deleting one of them (e.g. "-;-") is still removed.
' This is a denylist meant as a SQL-injection filter; it does not cover
' numeric contexts, other comment forms or keyword-based input, so it must
' not be the only control — use parameterised ADO Command objects and keep
' this as defence in depth. It performs no HTML encoding.
Function checkStr(Chkstr)
    If IsNull(Chkstr) Then
        checkStr = ""
        Exit Function
    End If
    Dim cleaned
    cleaned = Replace(Chkstr, "'", "")
    cleaned = Replace(cleaned, ";", "")
    checkStr = Replace(cleaned, "--", "")
End Function
'Check whether the passed parameter is Numeric
' True when Para is present (not Null), non-blank after trimming and
' IsNumeric; False otherwise. Written as guard clauses instead of one
' negated compound condition. IsNumeric also accepts signed, decimal and
' exponent forms, so True does not guarantee an integer id — callers that
' need one should convert with CLng inside their own error handling.
Function Chkrequest(Para)
    Chkrequest = False
    If IsNull(Para) Then Exit Function
    If Trim(Para) = "" Then Exit Function
    If IsNumeric(Para) Then Chkrequest = True
End Function
'Check whether the passed parameter is of the date type
' True when Para is present (not Null), non-blank after trimming and IsDate;
' False otherwise. Same guard-clause shape as Chkrequest. IsDate follows the
' server's locale when parsing text, so a True result means "parseable here",
' not a specific date format.
Function Chkrequestdate(Para)
    Chkrequestdate = False
    If IsNull(Para) Then Exit Function
    If Trim(Para) = "" Then Exit Function
    If IsDate(Para) Then Chkrequestdate = True
End Function
'Get the address of the current page
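' Rebuilds the absolute URL of the current request from server variables:
' scheme from HTTPS, then SERVER_NAME, the port when it is not the default
' for the scheme, the URL path and, if present, "?" plus the query string.
' Fixes in this version: the original appended ":443" on https because it
' only excluded port 80, and it compared the port value with the number 80
' although ServerVariables yields text (VBScript's mixed string/number
' comparison rules make that unreliable) — both sides are compared as strings.
' Every piece passes through CheckStr, which only strips "'", ";" and "--";
' the result is NOT HTML-encoded, so Server.HTMLEncode it (or URL-encode it,
' depending on context) before writing it into a page or header. SERVER_NAME
' may follow the client's Host header depending on the site binding, and the
' query string is client-controlled, so treat the result as untrusted input.
' "On Error Resume Next" is kept from the original: a missing variable gives
' a partial URL instead of an error page.
Function GetUrl()
    On Error Resume Next
    Dim strTemp, port, defaultPort
    If LCase(Request.ServerVariables("HTTPS")) = "off" Then
        strTemp = "http://"
        defaultPort = "80"
    Else
        strTemp = "https://"
        defaultPort = "443"
    End If
    strTemp = strTemp & CheckStr(Request.ServerVariables("SERVER_NAME"))
    port = CheckStr(Request.ServerVariables("SERVER_PORT"))
    If port <> defaultPort Then strTemp = strTemp & ":" & port
    strTemp = strTemp & CheckStr(Request.ServerVariables("URL"))
    If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & CheckStr(Trim(Request.QueryString))
    GetUrl = strTemp
End Function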
'Function CheckReferer () 'checks whether the user has entered the address on this page in the browser.
'Dim sReferer, Icheck
'Checkreferer = True
'Sreferer = Request. ServerVariables ("HTTP_REFERER ")
'Serverip = Request. ServerVariables ("LOCAL_ADDR ")
'Icheck = InStr (sReferer, "ServerIP ")
'If Icheck = 0 Then
'Checkreferer = False
'End If
'End Function
'Date formatting
' Formats DT as "Yyear MMmonth DDday" when tp = 1 or "Y-MM-DD" when tp = 2,
' with month and day zero-padded to two digits. Any other tp leaves the
' result Empty, and a DT that Year()/Month()/Day() cannot interpret raises a
' runtime error — validate with Chkrequestdate first. The "year"/"month"/
' "day" literals are kept exactly as they appear in this listing.
Function FormatDate(DT, tp)
    Dim yy, mm, dd
    yy = Year(DT)
    ' Right("0" & n, 2) gives "01".."31" and leaves two-digit values as-is,
    ' the same text the original's "If n < 10 Then n = "0" & n" produced.
    mm = Right("0" & Month(DT), 2)
    dd = Right("0" & Day(DT), 2)
    Select Case tp
        Case 1
            FormatDate = yy & "year" & mm & "month" & dd & "day"
        Case 2
            FormatDate = yy & "-" & mm & "-" & dd
    End Select
End Function