📄 replacehtml.asp
<%
' Page-scope variables for HTMLEncode, the helper that keeps the format of submitted data unchanged.
' element : declared here but not referenced in the code shown in this file.
Dim element
' i       : loop index that HTMLEncode uses while walking the keyword table.
Dim i
' str     : fixed-size table with indices 0..43; HTMLEncode fills it with the strings it strips.
Dim str(43)
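function HTMLEncode(fString)
    ' Encodes a submitted string for display inside HTML element content and then
    ' strips a fixed list of SQL-related keywords and characters from it.
    '
    ' fString : the text to process. VBScript passes arguments ByRef by default, so a
    '           variable handed to this function is overwritten with the result as well.
    ' Returns : the encoded, lower-cased text with every table entry removed; "" for Null.
    '
    ' SECURITY NOTE(review): the keyword table is a blacklist, not a SQL-injection control.
    ' It cannot cover every dialect or encoding and it damages ordinary text (short entries
    ' such as "is", "or", "if" and ":" are cut out of the middle of normal words). Queries
    ' that use this value should be built with ADODB.Command parameters; treat this filter
    ' as defence in depth only.
    ' NOTE(review): "&" is not encoded, and quotes are removed by the table rather than
    ' encoded, so the result is meant for element content only.
    Dim lastPass

    ' Replace() raises "Invalid use of Null" on a Null argument (e.g. an empty database field).
    If IsNull(fString) Then
        HTMLEncode = ""
        Exit Function
    End If

    ' HTML encoding. The listing showed each of the first three calls replacing a character
    ' with itself, which encodes nothing; the entity forms are restored here.
    fString = Replace(fString, ">", "&gt;")
    fString = Replace(fString, "<", "&lt;")
    fString = Replace(fString, Chr(32), "&nbsp;")
    ' Carriage returns are dropped so that line feeds alone mark the line breaks.
    fString = Replace(fString, Chr(13), "")
    ' A blank line (two line feeds) collapses to one <br>; any remaining line feed becomes <br>.
    fString = Replace(fString, Chr(10) & Chr(10), "<br>")
    fString = Replace(fString, Chr(10), "<br>")

    ' Keyword table (page-level array str). Index 43 is never assigned and stays Empty.
    ' Entries 22, 23 and 36 repeat earlier ones. Entry 8 cannot match: "is" (entry 3) is
    ' removed before it is tried, and spaces have already been turned into "&nbsp;".
    str(0) = "insert" : str(1) = "update" : str(2) = "drop" : str(3) = "is" : str(4) = "where"
    str(5) = "key" : str(6) = "create" : str(7) = "exec" : str(8) = "net localgroup administrators"
    str(9) = "select" : str(10) = "count" : str(11) = "asc" : str(12) = "char" : str(13) = "mid"
    str(14) = "'" : str(15) = ":" : str(16) = """" : str(17) = "truncate" : str(18) = "from"
    str(19) = "and" : str(20) = "delete" : str(21) = "or" : str(22) = "select" : str(23) = "from" : str(24) = "inner"
    str(25) = "join" : str(26) = "like" : str(27) = "distinct" : str(28) = "set" : str(29) = "%" : str(30) = "into"
    str(31) = "cross" : str(32) = "if" : str(33) = "else" : str(34) = "left" : str(35) = "having" : str(36) = "else"
    str(37) = "with" : str(38) = "a,s" : str(39) = "add" : str(40) = "goto" : str(41) = "between" : str(42) = "proc"

    ' Deleting one entry can join the text on either side of it into another entry that an
    ' earlier iteration has already passed, so one sweep over the table does not guarantee
    ' a clean result. Sweep until nothing changes; each sweep can only shorten the string,
    ' so the loop terminates.
    Do
        lastPass = fString
        For i = LBound(str) To UBound(str)
            ' LCase makes the match case-insensitive but also lower-cases the whole value,
            ' so the original capitalisation of the input is lost in the return value.
            ' Replace() with the Empty slot at index 43 returns the text unchanged.
            fString = Replace(LCase(Trim(fString)), str(i), "")
        Next
    Loop Until fString = lastPass

    HTMLEncode = fString
end function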
%>