请高手详解一段代码?

mwywfn · 2006-03-10, 16:23

<%'/字符过滤/
function changechr(str)
changechr=replace(replace(replace(replace(str,"<",""),">",""),chr(13),"")," ","")
changechr=replace(replace(replace(replace(changechr,"'",""),chr(34),""),"insert",""),"and","")
changechr=replace(replace(replace(replace(changechr,"select",""),"update",""),"delete%20from",""),"exec","")
changechr=replace(replace(replace(replace(changechr,"mid",""),"truncate",""),"declare",""),"*","")
end function
%>

这段代码我只知道是字符过滤,请详解一下这段代码?

风狼^© · 2006-03-10, 18:19

changechr=replace(replace(replace(replace(str,"<",""),">",""),chr(13),"")," ","")

我只解释这一段.从最里面的开始
replace(str,"<","")
将字符串str变量里的字符<替换为空。也就是str为abc<123>456时,通过过滤就变成了abc123>456

replace(replace(str,"<",""),">","")
上面就是将str先过滤了<符号。再过滤>符号str先变成abc123>456再变成abc123456

通过这种方法可以避免SQL注入等安全问题

虚拟主机	魔兽世界私服魔兽世界私服	魔兽世界私服魔兽世界私服	天龙八部私服传奇世界私服新开传奇私服
机战私服传奇世界私服传世私服传世私服	魔域私服魔域私服天龙八部私服征途私服	传世私服	魔域私服魔域私服

2006-03-10, 16:23	#1 (页面定位)
mwywfn 注册日期: 2005-09-26 帖子: 18	请高手详解一段代码? <%'/字符过滤/ function changechr(str) changechr=replace(replace(replace(replace(str,"<",""),">",""),chr(13),"")," ","") changechr=replace(replace(replace(replace(changechr,"'",""),chr(34),""),"insert",""),"and","") changechr=replace(replace(replace(replace(changechr,"select",""),"update",""),"delete%20from",""),"exec","") changechr=replace(replace(replace(replace(changechr,"mid",""),"truncate",""),"declare",""),"*","") end function %> 这段代码我只知道是字符过滤,请详解一下这段代码?

主题工具
显示可打印版本邮寄本页给好友
显示模式	对此主题评分
平板模式切换到混合模式切换到树形模式	对此主题评分:

2006-03-10, 18:19	#2 (页面定位)
风狼^© 注册日期: 2005-10-01 住址: 美女集中营帖子: 6992	changechr=replace(replace(replace(replace(str,"<",""),">",""),chr(13),"")," ","") 我只解释这一段.从最里面的开始 replace(str,"<","") 将字符串str变量里的字符<替换为空。也就是str为abc<123>456时,通过过滤就变成了abc123>456 replace(replace(str,"<",""),">","") 上面就是将str先过滤了<符号。再过滤>符号str先变成abc123>456再变成abc123456 通过这种方法可以避免SQL注入等安全问题