eWebEditor and FCKeditor: filtering single quotes
We were building the statement as SQL = "insert into product(title,content) values('" & request("title") & "','" & request("content") & "')". Going back to the text the customer had pasted into the editor, we found that it did indeed contain a single quote. That quote is what changed our SQL: what should have been

insert into product(title,content) values('content','content')

became

insert into product(title,content) values('content','content'')

and the extra quote inside content turns the statement into a syntax error. That raised a second question: if the statement was malformed, why did the SQL not report an error, and why did the page still say the operation succeeded? A malformed INSERT cannot have been executed by the database; if the page reported success, the ADO error was being ignored rather than checked (for example under On Error Resume Next), which is a bug of its own.

It also reminded us of the ' or '=' back-end login bypass that script kiddies were fond of around 2003. It exploits exactly this situation: when a single quote in the input is not escaped, the attacker's input becomes part of the SQL statement and can make the WHERE condition always true. What we thought was the most economical way to write the query turned out to be an error.

Now that the cause is found, every field is escaped before it goes into the database, and the problem does not recur. Below is the SQL filter function we use; you can call it as is. Two caveats before using it. First, the only line that addresses the bug above is the one that doubles single quotes, and that only protects values placed inside a single-quoted string literal (a numeric field concatenated without quotes stays injectable). Second, the rest is HTML entity encoding plus a SQL keyword blacklist: the blacklist is not a reliable injection defence and it corrupts ordinary text ("account", "charge" and "middle" contain "count", "char" and "mid" and will be mangled), and because < and > are encoded, HTML produced by eWebEditor or FCKeditor is stored as escaped text rather than markup. The robust fix is to pass values as parameters (ADODB.Command with Parameters) so that user input never becomes part of the SQL text.
' Reconstructed from the extracted page: the quoted string arguments and HTML
' entities were lost in extraction and are restored here as in the commonly
' circulated version of this function. Replace(expr, find, with, start, count,
' compare): compare 0 = binary (case-sensitive), 1 = text (case-insensitive).
Function HTMLEncode(Str)
    If IsNull(Str) Then
        HTMLEncode = ""
        Exit Function
    End If
    ' strip NUL bytes
    Str = Replace(Str, Chr(0), "", 1, -1, 1)
    ' HTML-encode characters that matter when the value is rendered
    Str = Replace(Str, """", "&quot;", 1, -1, 1)
    Str = Replace(Str, "<", "&lt;", 1, -1, 1)
    Str = Replace(Str, ">", "&gt;", 1, -1, 1)
    ' break up tag names so they no longer match verbatim
    Str = Replace(Str, "script", "&#115;cript", 1, -1, 0)
    Str = Replace(Str, "SCRIPT", "&#83;CRIPT", 1, -1, 0)
    Str = Replace(Str, "Script", "&#83;cript", 1, -1, 0)
    Str = Replace(Str, "script", "&#83;cript", 1, -1, 1)
    Str = Replace(Str, "object", "&#111;bject", 1, -1, 0)
    Str = Replace(Str, "OBJECT", "&#79;BJECT", 1, -1, 0)
    Str = Replace(Str, "Object", "&#79;bject", 1, -1, 0)
    Str = Replace(Str, "object", "&#79;bject", 1, -1, 1)
    Str = Replace(Str, "applet", "&#97;pplet", 1, -1, 0)
    Str = Replace(Str, "APPLET", "&#65;PPLET", 1, -1, 0)
    Str = Replace(Str, "Applet", "&#65;pplet", 1, -1, 0)
    Str = Replace(Str, "applet", "&#65;pplet", 1, -1, 1)
    Str = Replace(Str, "[", "&#91;")
    Str = Replace(Str, "]", "&#93;")
    ' The two string arguments of the next replacement did not survive
    ' extraction, so the line is kept here as a comment rather than guessed:
    ' Str = Replace(Str, ?, ?, 1, -1, 1)
    Str = Replace(Str, "=", "&#61;", 1, -1, 1)
    ' the one replacement that fixes the INSERT bug described above
    Str = Replace(Str, "'", "''", 1, -1, 1)
    ' SQL keyword blacklist, case-insensitive (see the caveat above)
    Str = Replace(Str, "select", "sel&#101;ct", 1, -1, 1)
    Str = Replace(Str, "execute", "execu&#116;e", 1, -1, 1)
    Str = Replace(Str, "exec", "ex&#101;c", 1, -1, 1)
    Str = Replace(Str, "join", "jo&#105;n", 1, -1, 1)
    Str = Replace(Str, "union", "un&#105;on", 1, -1, 1)
    Str = Replace(Str, "where", "wh&#101;re", 1, -1, 1)
    Str = Replace(Str, "insert", "ins&#101;rt", 1, -1, 1)
    Str = Replace(Str, "delete", "del&#101;te", 1, -1, 1)
    Str = Replace(Str, "update", "up&#100;ate", 1, -1, 1)
    Str = Replace(Str, "like", "lik&#101;", 1, -1, 1)
    Str = Replace(Str, "drop", "dro&#112;", 1, -1, 1)
    Str = Replace(Str, "create", "cr&#101;ate", 1, -1, 1)
    Str = Replace(Str, "rename", "re&#110;ame", 1, -1, 1)
    Str = Replace(Str, "count", "co&#117;nt", 1, -1, 1)
    Str = Replace(Str, "chr", "c&#104;r", 1, -1, 1)
    Str = Replace(Str, "mid", "m&#105;d", 1, -1, 1)
    Str = Replace(Str, "truncate", "trunc&#97;te", 1, -1, 1)
    Str = Replace(Str, "nchar", "nch&#97;r", 1, -1, 1)
    Str = Replace(Str, "char", "ch&#97;r", 1, -1, 1)
    Str = Replace(Str, "alter", "alt&#101;r", 1, -1, 1)
    Str = Replace(Str, "cast", "ca&#115;t", 1, -1, 1)
    Str = Replace(Str, "exists", "ex&#105;sts", 1, -1, 1)
    ' carriage return to a line break; "<br>" is the value in the common
    ' version of this function (the argument was invisible after extraction)
    Str = Replace(Str, Chr(13), "<br>", 1, -1, 1)
    ' quotes were already doubled above; this second pass is harmless but redundant
    HTMLEncode = Replace(Str, "'", "''", 1, -1, 1)
End Function
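To make the mechanics above concrete, here is an added example (not code from the original page, which is classic ASP) that models the same product INSERT and a ' or ''=' login check in Python against an in-memory sqlite3 database. It builds each query three ways: plain concatenation as in the page, concatenation after doubling single quotes as the function above does, and a parameterized query. The table names, the admin table, the sample rows and the BYPASS string are constructed for this example.

```python
import sqlite3

# Constructed sample inputs for this example; they are not from the original page.
APOSTROPHE_ROW = ("Kids' Toys", "Don't miss the sale")
KEYWORD_ROW = ("Plain title", "Please select a product and update your cart")
BYPASS = "' or ''='"  # the login-bypass payload the text mentions


def fresh_db():
    """In-memory database with the page's product table plus a login table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product(title TEXT, content TEXT)")
    conn.execute("CREATE TABLE admin(username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 's3cret')")
    return conn


def quote_literal(value):
    """Double every single quote, as the page's HTMLEncode does with ' -> ''."""
    return value.replace("'", "''")


def insert_concat(conn, title, content):
    """Vulnerable: the same concatenation as the page's values('" & request(title) & "' ..."""
    sql = ("INSERT INTO product(title, content) VALUES ('"
           + title + "', '" + content + "')")
    conn.execute(sql)


def insert_escaped(conn, title, content):
    """Concatenation, but with single quotes doubled first."""
    sql = ("INSERT INTO product(title, content) VALUES ('"
           + quote_literal(title) + "', '" + quote_literal(content) + "')")
    conn.execute(sql)


def insert_param(conn, title, content):
    """Parameterized: the values never become part of the SQL text."""
    conn.execute("INSERT INTO product(title, content) VALUES (?, ?)",
                 (title, content))


def login_concat(conn, user, pw):
    """Vulnerable login check built by concatenation."""
    sql = ("SELECT COUNT(*) FROM admin WHERE username='" + user
           + "' AND password='" + pw + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_escaped(conn, user, pw):
    """Same query, but with quotes doubled before concatenation."""
    return login_concat(conn, quote_literal(user), quote_literal(pw))


def login_param(conn, user, pw):
    """Parameterized login check."""
    row = conn.execute(
        "SELECT COUNT(*) FROM admin WHERE username=? AND password=?",
        (user, pw)).fetchone()
    return row[0] > 0


def run_demo():
    """Exercise each variant and return the observations as a dict."""
    results = {}

    # 1. A legitimate apostrophe breaks the concatenated INSERT with a
    #    syntax error, which is the failure the page describes.
    conn = fresh_db()
    try:
        insert_concat(conn, *APOSTROPHE_ROW)
        results["concat_apostrophe"] = "inserted"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"

    # 2. Doubling the quote or using parameters stores the value unchanged,
    #    and SQL keywords inside the data are inert without any blacklist.
    conn = fresh_db()
    insert_escaped(conn, *APOSTROPHE_ROW)
    insert_param(conn, *APOSTROPHE_ROW)
    insert_param(conn, *KEYWORD_ROW)
    results["stored"] = conn.execute(
        "SELECT title, content FROM product ORDER BY rowid").fetchall()

    # 3. The ' or ''=' payload makes the concatenated WHERE always true;
    #    quote doubling and parameters both treat it as a plain string.
    conn = fresh_db()
    results["bypass_concat"] = login_concat(conn, BYPASS, BYPASS)
    results["bypass_escaped"] = login_escaped(conn, BYPASS, BYPASS)
    results["bypass_param"] = login_param(conn, BYPASS, BYPASS)
    results["real_login"] = login_param(conn, "admin", "s3cret")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The keyword row shows why the blacklist in the function above is unnecessary for injection: once the value is either correctly quoted or passed as a parameter, the words select and update inside it are just data. The bypass case shows why the quote doubling is the line that matters, and the parameterized variants show the fix that does not depend on escaping at all.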