<%
'===================================================================
'= ASP FILENAME : /inc/inc_form.asp
'= CREATED TIME : 2006-5-3
'= LAST MODIFIED: 2006-5-3
'= VERSION INFO : CCASP Framework Ver 2.0.1 ALL RIGHTS RESERVED BY www.cclinux.com
'= DESCRIPTION : 表单/字符处理函数
'= Change Log:
'= 2006-7-20 增加表单提交中的sql注入校验
'===================================================================
'===================================================================
'= Function : HTMLEncode()
'= Time : Created At SEP,21,2003
'= Input : The String That You Want To Transfer
'= Description : Filter some invalid characters in the string
'===================================================================
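' HTMLEncode(strInStr)
' Escape a string for inclusion in HTML element content and rewrite
' whitespace / line breaks into markup.
' Input  : strInStr - the text to escape (Null is accepted)
' Return : the escaped text, or "" when strInStr is Null
' NOTE(review): in this copy of the file the HTML entity names in the
' Replace() literals had been decoded to their literal characters (for
' example Replace(s, ">", ">")), which made every replacement a no-op and
' left """ as an unterminated string literal. The standard entity names
' are restored below. The replacement originally used for a tab cannot be
' recovered from this copy; a single &nbsp; is used - TODO confirm against
' the upstream source.
' The parameter is taken ByVal: VBScript passes ByRef by default and the
' original assigned to strInStr, so a caller's variable was rewritten as a
' side effect of calling this function.
Function HTMLEncode(ByVal strInStr)
    Dim strOut
    If IsNull(strInStr) Then
        HTMLEncode = ""
        Exit Function
    End If
    strOut = strInStr
    ' "&" is deliberately not escaped here (the original did not either), so
    ' an entity already present in the input passes through unchanged. Use
    ' inHTML() or HtmlEncode2() when a fully escaped value is required.
    strOut = Replace(strOut, ">", "&gt;")
    strOut = Replace(strOut, "<", "&lt;")
    strOut = Replace(strOut, CHR(32), "&nbsp;")
    strOut = Replace(strOut, CHR(9), "&nbsp;")
    strOut = Replace(strOut, CHR(34), "&quot;")
    strOut = Replace(strOut, CHR(39), "&#39;")
    ' CR is dropped; a blank line (LF LF) becomes a paragraph break and a
    ' single LF a line break. Done after the "<" / ">" replacements so the
    ' inserted tags survive.
    strOut = Replace(strOut, CHR(13), "")
    strOut = Replace(strOut, CHR(10) & CHR(10), "</P><P> ")
    strOut = Replace(strOut, CHR(10), "<BR> ")
    'strOut = ChkBadWords(strOut)
    HTMLEncode = strOut
End Function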
'====================================================================
'= Function : FilterHtml(str)
'= Time : Created At SEP,21,2003
'= Input : The String That You Want To Filter
'= Description : Strip the minimal HTML markup produced by the encoders back out of the string
'====================================================================
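' FilterHtml(str)
' Reverse the minimal markup produced by the encoders in this file so a
' stored value can be shown in a plain-text context: <br> (any case) -> CR,
' &nbsp; -> space. Other entities (&lt;, &gt;, &amp;, &quot;) are NOT
' decoded here.
' Input  : str - the text to filter (Empty and Null are accepted)
' Return : the filtered text, or "" for Empty, Null or blank input
' NOTE(review): in this copy the "&nbsp;" literal had been decoded to a
' plain space, making that Replace() a no-op; the entity name is restored.
Function FilterHtml(str)
    Dim strContent
    If IsNull(str) Or IsEmpty(str) Then
        FilterHtml = ""
    ElseIf Trim(str) = "" Then
        FilterHtml = ""
    Else
        ' vbTextCompare lets one Replace() cover <br>, <BR>, <Br> and <bR>;
        ' the original handled only the first two spellings.
        strContent = Replace(str, "<br>", Chr(13), 1, -1, vbTextCompare)
        strContent = Replace(strContent, "&nbsp;", " ")
        FilterHtml = strContent
    End If
End Function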
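' HtmlEncode2(str)
' Character-by-character HTML escaper. Unlike HTMLEncode() it also escapes
' "&", so the output is safe to place in element content whatever the
' input contains. The single quote is not escaped, so the result is not
' safe inside a single-quoted attribute.
' Rules: < > " & -> entities; CR -> <br>; LF passes through unchanged
' (the chr(10) case is commented out, as in the original); a space that is
' next to another space or a tab becomes &nbsp; so whitespace runs survive
' rendering, any other space stays a space; a tab -> &nbsp;.
' Input  : str - the text to escape (Null is accepted)
' Return : the escaped text, or "" when str is Null
' NOTE(review): in this copy the entity names had been decoded to their
' literal characters (and """ was an unterminated string literal); the
' standard names are restored. The tab replacement cannot be recovered from
' this copy and is a single &nbsp; - TODO confirm against upstream.
' String concatenation uses "&" rather than "+" to avoid "+" being taken
' as numeric addition when an operand is not a string.
Function HtmlEncode2(str)
    Dim result, l, i, ch, prevWs, nextWs
    If IsNull(str) Then
        HtmlEncode2 = ""
        Exit Function
    End If
    l = Len(str)
    result = ""
    For i = 1 To l
        ch = Mid(str, i, 1)
        Select Case ch
            Case "<"
                result = result & "&lt;"
            Case ">"
                result = result & "&gt;"
            Case Chr(13)
                result = result & "<br>"
            Case Chr(34)
                result = result & "&quot;"
            'Case Chr(10)
            '    result = result & "<br>"
            Case "&"
                result = result & "&amp;"
            Case Chr(32)
                ' Only an interior space (one with a neighbour on both sides)
                ' is considered for &nbsp;; a leading or trailing space stays.
                If i + 1 <= l And i - 1 > 0 Then
                    nextWs = (Mid(str, i + 1, 1) = Chr(32) Or Mid(str, i + 1, 1) = Chr(9))
                    prevWs = (Mid(str, i - 1, 1) = Chr(32) Or Mid(str, i - 1, 1) = Chr(9))
                    If nextWs Or prevWs Then
                        result = result & "&nbsp;"
                    Else
                        result = result & " "
                    End If
                Else
                    result = result & " "
                End If
            Case Chr(9)
                result = result & "&nbsp;"
            Case Else
                result = result & ch
        End Select
    Next
    HtmlEncode2 = result
End Function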
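' htmlEncode3(str)
' Escape ">", "<" and the double quote only; "&" and "'" are left as they
' are, so the result is not safe inside a single-quoted attribute.
' Input  : str - the text to escape
' Return : the escaped text; an empty string is returned unchanged. For a
'          Null argument Len(Null) > 0 evaluates to Null, which the If
'          treats as False, so Null is returned as-is.
' NOTE(review): in this copy the entity names had been decoded to plain
' characters (and the last replacement literal was unterminated); the
' standard entity names are restored.
Function htmlEncode3(str)
    If Len(str) > 0 Then
        htmlEncode3 = Replace(Replace(Replace(str, ">", "&gt;"), "<", "&lt;"), """", "&quot;")
    Else
        htmlEncode3 = str
    End If
End Function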
' PrintTrueText(tempString)
' Render stored text for display: pass it through HTMLEncode() and then
' rewrite line breaks and whitespace runs into <br> / non-breaking spaces.
' Returns "" for an empty string; for Null, tempString<>"" evaluates to
' Null (treated as False), so "" is returned as well.
' NOTE(review): in this copy the HTML entity names in the Replace() and
' concatenation literals appear to have been decoded to plain characters,
' so several of the replacements below read as no-ops (" " -> " ");
' restore them from the upstream source before relying on this function.
' Also, HTMLEncode() removes CHR(13) and converts CHR(10) to <BR>, so the
' VbCrLf patterns below cannot match its output - presumably left over
' from an earlier HTMLEncode().
Function PrintTrueText(tempString)
If tempString<>"" Then
' htmlEncode resolves to HTMLEncode(): VBScript identifiers are case-insensitive.
PrintTrueText=Replace(Replace(Replace(Replace(Replace(htmlEncode(tempString),VbCrLf & " ","<br>" & " "),VbCrLf,"<br>" & VbCrLf)," "," ")," "," "),chr(9)," ")
' Reads the return value assigned on the line above, then rewrites a
' leading space (the literal used for it is presumably a decoded entity).
If Left(PrintTrueText,1) = chr(32) Then
PrintTrueText = " " & Mid(PrintTrueText,2)
End If
Else
PrintTrueText=""
End If
End Function
' ============================================
' 去除Html格式,用于从数据库中取出值填入输入框时
' 注意:value="?"这边一定要用双引号
' ============================================
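' inHTML(str)
' Escape a value for use inside a double-quoted HTML attribute, e.g.
' value="...", when filling an input box from the database.
' "&" is escaped first so that the entities inserted by the later
' replacements are not themselves re-escaped. The single quote is not
' escaped, so the attribute must be delimited with double quotes (as the
' header comment above this function already says).
' Input  : str - the value to escape (Null is accepted)
' Return : the escaped value, or "" when str is Null
' NOTE(review): in this copy the entity names had been decoded to plain
' characters, making every replacement a no-op and leaving """ as an
' unterminated literal; the standard entity names are restored.
Function inHTML(str)
    Dim sTemp
    inHTML = ""
    If IsNull(str) Then
        Exit Function
    End If
    sTemp = str
    sTemp = Replace(sTemp, "&", "&amp;")
    sTemp = Replace(sTemp, "<", "&lt;")
    sTemp = Replace(sTemp, ">", "&gt;")
    sTemp = Replace(sTemp, Chr(34), "&quot;")
    inHTML = sTemp
End Function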
'== 输入数据格式化函数
' FmtFormData(value)
' Normalize a raw form value: strip leading and trailing spaces.
' Trim() passes Null through, so a Null value yields Null.
Function FmtFormData(value)
    Dim strTrimmed
    strTrimmed = Trim(value)
    FmtFormData = strTrimmed
End Function
'== 输入表单数据赋值到Form对象
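' CnvFormData(strFormName, objFormData)
' Copy posted form fields into objFormData (an object exposing an .Item
' property keyed by name).
' Input  : strFormName - "|"-separated list of form field names; the first
'                        three characters of each name are a prefix that is
'                        stripped to obtain the key used in objFormData
'          objFormData - receives the values (ByRef)
' Values come from Request.Form only and are trimmed via FmtFormData();
' no type or length validation happens here - the caller must validate
' before the values reach a query or a page.
Function CnvFormData(strFormName, ByRef objFormData)
    Dim arrFormName, i, strValueName
    arrFormName = Split(strFormName, "|")
    For i = LBound(arrFormName) To UBound(arrFormName)
        ' The original used Right(name, Len(name) - 3), which raises
        ' "Invalid procedure call" for a segment shorter than the prefix
        ' (e.g. the empty element produced by a trailing "|"). Such a
        ' segment carries no key, so it is skipped instead.
        If Len(arrFormName(i)) >= 3 Then
            strValueName = Mid(arrFormName(i), 4)
            objFormData.Item(strValueName) = FmtFormData(Request.Form(arrFormName(i)))
        End If
    Next
    Erase arrFormName
End Function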
'== 取得输入表单中的ID参数
' GetPostIdValue(strFormName, strAddInfo, id)
' Read the request parameter strFormName, validate it through
' DataCheck("DT_ID", ...) and, when it passes, store it in id and return
' True. When DataCheck() reports a problem the error is recorded through
' GBL_objException with strAddInfo and False is returned; id is untouched.
' NOTE: Request(name) searches every request collection (query string,
' form, cookies, ...), so despite the name this is not limited to POST data.
Function GetPostIdValue(strFormName, strAddInfo, ByRef id)
    Dim strCandidate
    strCandidate = FmtFormData(Request(strFormName))
    If DataCheck("DT_ID", strCandidate, strAddInfo, NULL) Then
        Call GBL_objException.catchErr(E_DATA_PUB, strAddInfo)
        GetPostIdValue = False
    Else
        id = strCandidate
        GetPostIdValue = True
    End If
End Function
'== 过滤提交表单中的不安全字符
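' ForSqlFormMatch(strValue, arrBlocked)
' Helper for ForSqlForm(): return the first fragment of arrBlocked that
' occurs in strValue, compared case-insensitively, or "" when none does.
Function ForSqlFormMatch(strValue, arrBlocked)
    Dim i
    ForSqlFormMatch = ""
    For i = 0 To UBound(arrBlocked)
        ' vbTextCompare: the list is lower-case and a plain InStr() is a
        ' binary (case-sensitive) match, so mixed-case input would not be
        ' caught.
        If InStr(1, strValue, arrBlocked(i), vbTextCompare) <> 0 Then
            ForSqlFormMatch = arrBlocked(i)
            Exit Function
        End If
    Next
End Function

' ForSqlForm()
' Reject the request when any form or query-string value contains one of
' the blocklisted fragments below. On a hit the error is recorded through
' GBL_objException, ActionOver() runs and the response is ended; otherwise
' the function returns normally.
' This is a coarse defence-in-depth filter only: it matches bare substrings
' ("asc" also hits "ascii", "from" any sentence containing the word) and
' can only catch what it lists. It is not a substitute for parameterised
' queries in the data layer or HTML-escaping on output.
' Fix vs. the original: the query-string loop looked the parameter names up
' in Request.Form, so query-string values were never actually inspected.
Function ForSqlForm()
    Dim items, nothis, noth, strHit
    noth = "exe"
    noth = noth & "|" & "net user"
    noth = noth & "|" & "xp_cmdshell"
    noth = noth & "|" & "/add"
    noth = noth & "|" & "exec%20master.dbo.xp_cmdshell"
    noth = noth & "|" & "net localgroup administrators"
    'noth = noth & "|" & "select"
    noth = noth & "|" & "count"
    noth = noth & "|" & "asc"
    noth = noth & "|" & "char"
    noth = noth & "|" & "mid"
    noth = noth & "|" & "execute"
    'noth = noth & "|" & ":"
    'noth = noth & "|" & """"
    noth = noth & "|" & "insert"
    noth = noth & "|" & "delete"
    noth = noth & "|" & "drop"
    noth = noth & "|" & "truncate"
    noth = noth & "|" & "from"
    noth = noth & "|" & "<%"
    ' Split so the literal does not close the ASP block.
    noth = noth & "|" & "%" & ">"
    nothis = Split(noth, "|")
    ' Form fields.
    For Each items In Request.Form
        strHit = ForSqlFormMatch(Request.Form(items), nothis)
        If strHit <> "" Then
            Call GBL_objException.catchErr(E_USER_PUB, "对不起,你所填写的信息含非法字符(" & strHit & ")!")
            ActionOver()
            Response.End()
        End If
    Next
    ' Query-string parameters.
    For Each items In Request.QueryString
        strHit = ForSqlFormMatch(Request.QueryString(items), nothis)
        If strHit <> "" Then
            Call GBL_objException.catchErr(E_USER_PUB, "对不起,你所填写的信息含非法字符(" & strHit & ")!")
            ActionOver()
            Response.End()
        End If
    Next
End Function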
'====================================================================
'= Function : CheckPageSubmit()
'= Time : Created At Apr,2006-7-20
'= Input : None
'= Output : None
'= Return : true or false
'= Description : 防止外部页面数据提交
'====================================================================
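' CheckPageSubmit()
' Accept the request only when the host in the Referer header is this
' server's SERVER_NAME, or when no Referer was sent at all (kept from the
' original behaviour; a missing header is allowed through).
' Return : True when the request is accepted, False otherwise.
' The Referer header is supplied by the client and can be absent or
' altered, so this is only a weak guard against cross-site posting; a
' per-session anti-forgery token in the form is the robust control.
' Fix vs. the original: it compared Mid(referer, 8, Len(server)), i.e. it
' assumed a 7-character "http://" prefix (so every https:// referer was
' rejected) and compared only a prefix of the host, so a host that merely
' started with the server name was accepted. The host is now cut out of the
' URL and compared whole, case-insensitively.
Function CheckPageSubmit()
    Dim strPrePage, strLocalSvr, strHost, lngPos, arrStop, j
    strPrePage = CStr(Request.ServerVariables("HTTP_REFERER"))
    strLocalSvr = CStr(Request.ServerVariables("SERVER_NAME"))
    If strPrePage = "" Then
        CheckPageSubmit = True
        Exit Function
    End If
    ' A referer without a scheme separator is not a URL we can check.
    lngPos = InStr(1, strPrePage, "://")
    If lngPos = 0 Then
        CheckPageSubmit = False
        Exit Function
    End If
    ' Host = everything after "://" up to the first "/", "?", "#" or ":" (port).
    strHost = Mid(strPrePage, lngPos + 3)
    arrStop = Array("/", "?", "#", ":")
    For j = 0 To UBound(arrStop)
        lngPos = InStr(1, strHost, arrStop(j))
        If lngPos > 0 Then
            strHost = Left(strHost, lngPos - 1)
        End If
    Next
    ' Host names are case-insensitive.
    CheckPageSubmit = (StrComp(strHost, strLocalSvr, vbTextCompare) = 0)
End Function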
%>