'==================================================
'函数名:GetHttpPage
'作 用:获取网页源码
'参 数:HttpUrl ------网页地址
'==================================================
Function GetHttpPage(HttpUrl)
If IsNull(HttpUrl)=True Or Len(HttpUrl)<5 Then
GetHttpPage="$False$"
Exit Function
End If
Dim Http
Set Http=server.createobject("MSXML2.XMLHTTP")
Http.open "GET",HttpUrl,False
Http.Send()
If Http.Readystate<>4 then
Set Http=Nothing
GetHttpPage="False"
Exit function
End if
GetHTTPPage=BytesToBstr(Http.responseBody,"GB2312")
Set Http=Nothing
If Err.number<>0 then
Err.Clear
End If
End Function
'==================================================
'函数名:BytesToBstr
'作 用:将获取的源码转换为中文
'参 数:Body ------要转换的变量
'参 数:Cset ------要转换的类型
'==================================================
Function BytesToBstr(Body,Cset)
Dim Objstream
Set Objstream = Server.CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode =3
objstream.Open
objstream.Write body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
set objstream = nothing
End Function
'============================================
'函数名:OpenFile
'作 用:用FSO打开文件
'参 数:txt ------文件的路径
'============================================
Function OpenFile(txt)
Set fso= Server.CreateObject( "Scripting.FileSystemObject" )
set ObjFile=fso.OpenTextFile(Server.MapPath(txt),1)
OpenFile=ObjFile.ReadAll
ObjFile.close
Set ObjFile=Nothing
End Function
'============================================
'函数名:isChkInteger
'作 用:判断数字是否整形
'参 数: para 要检测的参数
'============================================
function isChkInteger(para)
on error resume next
dim str
dim l,i
if isNUll(para) then
isChkInteger=false
exit function
end if
str=cstr(para)
if trim(str)="" then
isChkInteger=false
exit function
end if
l=len(str)
for i=1 to l
if mid(str,i,1)>"9" or mid(str,i,1)<"0" then
isChkInteger=false
exit function
end if
next
isChkInteger=true
if err.number<>0 then err.clear
end function
'============================================
'函数名:srequest(ParaName,ParaType)
'作 用:判断数字是否为整形,过滤特殊字符串
'参 数: ParaName 要检测的参数
' ParaType 值为1时,判断数字是否为整形;
' 值为0时,过滤特殊字符串。
'============================================
Function srequest(ParaName,ParaType)
Dim ParaValue
ParaValue=ParaName
If ParaType=1 then
If not isNumeric(ParaValue) then
Response.write "参数" & ParaName & "必须为数字型!"
Response.end
End if
end if
if ParaType=0 then
ParaValue=replace(ParaValue,"'","''")
ParaValue=replace(ParaValue,"'","’")
ParaValue=replace(ParaValue,";",";")
ParaValue=replace(ParaValue,">","》")
ParaValue=replace(ParaValue,"<","《")
ParaValue=replace(ParaValue,"=","=")
ParaValue=replace(ParaValue,"%","%")
ParaValue=replace(ParaValue,",",",")
ParaValue=replace(ParaValue,".","。")
ParaValue=replace(ParaValue,"@","¥")
ParaValue=replace(ParaValue,"*","*")
ParaValue=replace(ParaValue,"?","?")
ParaValue=replace(ParaValue,"(","(")
ParaValue=replace(ParaValue,")",")")
ParaValue=replace(ParaValue,"#","#")
ParaValue=replace(ParaValue,"!","!")
ParaValue=Lcase(ParaValue)
If Instr(ParaValue,"select") or Instr(ParaValue,"insert") or Instr(ParaValue,"delete") or Instr(ParaValue,"count(") or Instr(ParaValue,"table") or Instr(ParaValue,"update") or Instr(ParaValue,"truncate") or Instr(ParaValue,"asc(") or Instr(ParaValue,"mid(") or Instr(ParaValue,"char(") or Instr(ParaValue,"xp_cmdshell") or Instr(ParaValue,"exec%20master") or Instr(ParaValue,"net%20localgroup%20administrators") or Instr(ParaValue,":") or Instr(ParaValue,"net%20user") or Instr(ParaValue,"'") or Instr(ParaValue,"%20or%20") then
Response.write "参数" & ParaName & "有问题!"
Response.end
end if
ParaValue=replace(ParaValue,"'","''")
End if
SRequest=ParaValue
End function
|