中国网络渗透测试联盟
标题:
对特殊字符的过滤代码
[打印本页]
作者:
admin
时间:
2012-9-15 14:40
标题:
对特殊字符的过滤代码
public Function RSQL(strChar)
# w7 P5 W$ `& V
If strChar = "" or IsNull(strChar) Then RSQL = "":Exit Function
% ]! w: I" A8 d; [( X
Dim strBadChar, arrBadChar, tempChar, I
_ `8 G& Z# A( r
strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""’注意这里过滤的是特殊字符 ‘Chr(34)对应的ASCII码是双引号。Chr(0)其实就是我们上传改包把空格(20)改成的00
6 e# C3 o" q* A
arrBadChar = Split(strBadChar, ",")
7 P3 x$ _! S# @ a% w- b. ^) r
tempChar = strChar
7 L8 b/ g% P4 Z6 C
For I = 0 To UBound(arrBadChar)
3 B% |+ Q* {0 n! I3 f0 }
tempChar = Replace(tempChar, arrBadChar(I), "") ‘将特殊字符过滤为空
b( g: O! z' C, }8 f& b
Next
9 K+ ?1 M$ k8 ^) o2 \% d6 q; f
RSQL = tempChar
. D$ d; {* c' z0 }1 u
End Function
X0 Q6 v) M2 g/ F: Z2 W
欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)
Powered by Discuz! X3.2