Ewebeditor和fckeditork编辑器过滤单引号
我们采用的是SQL=insert into product(title,content) values(' &request(title)& ' ,' &request(content)& ' )的写法,于是我们找到客户当时COPY进编辑器里的内容,发现,果然这内容中包括有单引号,原来,正是由于客户提交到编辑器里的内容中含有单引号,导致我们的SQL语句变化了,相当于原来是SQL=insert into product(title,content) values('内容' ,'内容' )变成了SQL=insert into product(title,content) values(' 内容' ,' 内容'' ),我们细看就知道,就因为这content里多了个单引号,SQL语句发生的严重的写法错误,但是,我们也奇怪,既然他写法错误,为什么SQL语句不给出错误提示呢,竟然也会提示操作成功,想到这里,我们想到了2003年那几年,普遍的小黑客喜欢用的' or' =' or' 的后台入侵法,是乎正是利用了SQL执行时,没过滤单引号的BUG,导致SQL怎么执行,结果都返回真,呵呵,没想到,原以为写程序尽量图个简单明了,也是个错啊。好了,问题找到了,以后,凡是SQL入库前,我们都把字段过滤后再传值,就不会再出这样的问题了,下面是一个非常完善的SQL安全过滤函数,大家直接拿去就可以调用了。
Function HTMLEncode(Str)
If Isnull(Str) Then
HTMLEncode =
Exit Function
End If
Str = Replace(Str,Chr(0),, 1, -1, 1)
Str = Replace(Str, , ", 1, -1, 1)
Str = Replace(Str,<,<, 1, -1, 1)
Str = Replace(Str,>,>, 1, -1, 1)
Str = Replace(Str, script, script, 1, -1, 0)
Str = Replace(Str, SCRIPT, SCRIPT, 1, -1, 0)
Str = Replace(Str, Script, Script, 1, -1, 0)
Str = Replace(Str, script, Script, 1, -1, 1)
Str = Replace(Str, object, object, 1, -1, 0)
Str = Replace(Str, OBJECT, OBJECT, 1, -1, 0)
Str = Replace(Str, Object, Object, 1, -1, 0)
Str = Replace(Str, object, Object, 1, -1, 1)
Str = Replace(Str, applet, applet, 1, -1, 0)
Str = Replace(Str, APPLET, APPLET, 1, -1, 0)
Str = Replace(Str, Applet, Applet, 1, -1, 0)
Str = Replace(Str, applet, Applet, 1, -1, 1)
Str = Replace(Str, [, [)
Str = Replace(Str, ], ])
Str = Replace(Str, , , 1, -1, 1)
Str = Replace(Str, =, =, 1, -1, 1)
Str = Replace(Str, ', '', 1, -1, 1)
Str = Replace(Str, select, select, 1, -1, 1)
Str = Replace(Str, execute, execute, 1, -1, 1)
Str = Replace(Str, exec, exec, 1, -1, 1)
Str = Replace(Str, join, join, 1, -1, 1)
Str = Replace(Str, union , union, 1, -1, 1)
Str = Replace(Str, where, where, 1, -1, 1)
Str = Replace(Str, insert, insert, 1, -1, 1)
Str = Replace(Str, delete, delete, 1, -1, 1)
Str = Replace(Str, update, update, 1, -1, 1)
Str = Replace(Str, like, like, 1, -1, 1)
Str = Replace(Str, drop, drop, 1, -1, 1)
Str = Replace(Str, create, create, 1, -1, 1)
Str = Replace(Str, rename, rename, 1, -1, 1)
Str = Replace(Str, count, count, 1, -1, 1)
Str = Replace(Str, chr, chr, 1, -1, 1)
Str = Replace(Str, mid, mid, 1, -1, 1)
Str = Replace(Str, truncate, truncate, 1, -1, 1)
Str = Replace(Str, nchar, nchar, 1, -1, 1)
Str = Replace(Str, char, char, 1, -1, 1)
Str = Replace(Str, alter, alter, 1, -1, 1)
Str = Replace(Str, cast, cast, 1, -1, 1)
Str = Replace(Str, exists, exists, 1, -1, 1)
Str = Replace(Str,Chr(13), , 1, -1, 1)
HTMLEncode = Replace(Str,','', 1, -1, 1)
End Function