28,390
社区成员
发帖
与我相关
我的任务
分享恶意字符过滤问题
我想在每个表单提交数据的时候都检验恶意字符串.在CONN.ASP文件中放了一个函数.每有FORM表单提交数据要入库的时候就检验.
但是又不能每次去REQUEST.FORM("***")去判断.我用request.from()的时候.可是中文提交过来是编了码的.
求解决方法.
但是又不能每次去REQUEST.FORM("***")去判断.我用request.from()的时候.可是中文提交过来是编了码的.
求解决方法.
...全文
请发表友善的回复…
发表回复
仲夏之约 2008-04-30
- 打赏
- 举报
class WForm
private m_QValue
private m_QKey
private m_PValue
private m_PKey
sub Class_Initialize
redim m_QValue(Request.QueryString.Count)
redim m_QKey(Request.QueryString.Count)
redim m_PValue(Request.Form.Count)
redim m_pKey(Request.Form.Count)
p = 0
for each key in Request.QueryString
m_QValue(p) = WReplace(Request.QueryString(key))
m_QKey(p) = key
p = p + 1
next
p = 0
for each key in Request.Form
m_PValue(p) = WReplace(Request.Form(key))
m_PKey(p) = key
p = p + 1
next
end sub
private function WReplace(str)
str = replace(str,"'","''")
str = replace(str,"<","<")
str = replace(str,">",">")
WReplace = str
end function
function QueryString(key)
retval = ""
for i = 0 to ubound(m_QKey)
if m_QKey(i) = key then
retval = m_QValue(i)
exit for
end if
next
QueryString = retval
end function
function Form(key)
retval = ""
for i=0 to ubound(m_PKey)
if(m_PKey(i) = key then
retval = m_PValue(i)
exit for
end if
next
Form = retval
end function
end class
dim WRequest: set WRequest = new WForm
'例如获取数据
Response.Write WRequest.QueryString("a")
Response.Write WRequest.Form("a")
private m_QValue
private m_QKey
private m_PValue
private m_PKey
sub Class_Initialize
redim m_QValue(Request.QueryString.Count)
redim m_QKey(Request.QueryString.Count)
redim m_PValue(Request.Form.Count)
redim m_pKey(Request.Form.Count)
p = 0
for each key in Request.QueryString
m_QValue(p) = WReplace(Request.QueryString(key))
m_QKey(p) = key
p = p + 1
next
p = 0
for each key in Request.Form
m_PValue(p) = WReplace(Request.Form(key))
m_PKey(p) = key
p = p + 1
next
end sub
private function WReplace(str)
str = replace(str,"'","''")
str = replace(str,"<","<")
str = replace(str,">",">")
WReplace = str
end function
function QueryString(key)
retval = ""
for i = 0 to ubound(m_QKey)
if m_QKey(i) = key then
retval = m_QValue(i)
exit for
end if
next
QueryString = retval
end function
function Form(key)
retval = ""
for i=0 to ubound(m_PKey)
if(m_PKey(i) = key then
retval = m_PValue(i)
exit for
end if
next
Form = retval
end function
end class
dim WRequest: set WRequest = new WForm
'例如获取数据
Response.Write WRequest.QueryString("a")
Response.Write WRequest.Form("a")
frankqnj 2008-04-30
- 打赏
- 举报
楼上的方法不行...人家浏览器禁止js的话 就可以绕过js防御 所以 还是写函数 或者 过程吧
xiaojing7 2008-04-24
- 打赏
- 举报
应该在提交前用js替换了恶意字符,或者判断出来就不给提交
HelloNet 2008-04-24
- 打赏
- 举报
replace 过滤
