中国网络渗透测试联盟
标题:
对特殊字符的过滤代码
[打印本页]
作者:
admin
时间:
2012-9-15 14:40
标题:
对特殊字符的过滤代码
public Function RSQL(strChar)
) D% U$ V' A4 W* X) ]% u
If strChar = "" or IsNull(strChar) Then RSQL = "":Exit Function
7 g& H4 o5 ?3 ~5 L
Dim strBadChar, arrBadChar, tempChar, I
; j$ o t. Y/ ]6 y; ]! o2 H
strBadChar = "$,#,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ""’注意这里过滤的是特殊字符 ‘Chr(34)对应的ASCII码是双引号。Chr(0)其实就是我们上传改包把空格(20)改成的00
! b# d1 R& ^6 s- P; W& b% ]+ U3 J1 N
arrBadChar = Split(strBadChar, ",")
( p* M0 Z5 r R+ T
tempChar = strChar
7 O& z9 y( N# s. E
For I = 0 To UBound(arrBadChar)
3 t, |$ l/ L# n J4 f
tempChar = Replace(tempChar, arrBadChar(I), "") ‘将特殊字符过滤为空
# r2 b% a# F2 ?! {7 ?0 l! Q/ L
Next
: B2 _5 s& o* R2 x9 _
RSQL = tempChar
. T9 H0 O# ~. |; S$ F% {
End Function
( }3 M' i+ f/ r# o0 P0 B3 I
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2