Exit Function End If sTemp = Replace(sTemp, "&", "&") sTemp = Replace(sTemp, "<", "<") sTemp = Replace(sTemp, ">", ">") sTemp = Replace(sTemp, """, Chr(34)) sTemp = Replace(sTemp, "<br>",Chr(10)) SafeCheck = Left(sTemp,CheckLength) case 6 s_BadStr = "' &<>?%,;:()`~!@#$^*{}[]+-=" & Chr(34) & Chr(9) & Chr(32) n = Len(s_BadStr) IsSafeStr = True For i = 1 To n If Instr(CheckString, Mid(s_BadStr, i, 1)) > 0 Then IsSafeStr = False End If Next if IsSafeStr then SafeCheck=left(CheckString,CheckLength) else SafeCheck=ErrorRoot&"00007" Exit Function end if case 7 s_Filter="net userxp_cmdshell/addselectcountasccharmid'""" S_Filter=S_Filter&"insertdeletedroptruncatefrom%declare-" S_Filters=split(S_Filter,"") isFound=false for i=0 to ubound(S_Filters)-1 if Instr(lcase(CheckString),lcase(S_Filters(i)))<>0 then isFound=true exit for end if next if isFound then SafeCheck=ErrorRoot&"00008" Exit Function else SafeCheck=left(CheckString,CheckLength) end if end select end function
精品推荐