Ewebeditor和fckeditork編輯器過濾單引號
我們采用的是SQL=insert into product(title,content) values(' " &request("title")& "' ,' "&request("content")& " ' )的寫法,于是我們找到客戶當時COPY進編輯器里的內(nèi)容,發(fā)現(xiàn),果然這內(nèi)容中包括有單引號,原來,正是由于客戶提交到編輯器里的內(nèi)容中含有單引號,導(dǎo)致我們的SQL語句變化了,相當于原來是SQL=insert into product(title,content) values('內(nèi)容' ,'內(nèi)容' )變成了SQL=insert into product(title,content) values(' 內(nèi)容' ,' 內(nèi)容'' ),我們細看就知道,就因為這content里多了個單引號,SQL語句發(fā)生的嚴重的寫法錯誤,但是,我們也奇怪,既然他寫法錯誤,為什么SQL語句不給出錯誤提示呢,竟然也會提示操作成功,想到這里,我們想到了2003年那幾年,普遍的小黑客喜歡用的' or' =' or' 的后臺入侵法,是乎正是利用了SQL執(zhí)行時,沒過濾單引號的BUG,導(dǎo)致SQL怎么執(zhí)行,結(jié)果都返回真,呵呵,沒想到,原以為寫程序盡量圖個簡單明了,也是個錯啊。好了,問題找到了,以后,凡是SQL入庫前,我們都把字段過濾后再傳值,就不會再出這樣的問題了,下面是一個非常完善的SQL安全過濾函數(shù),大家直接拿去就可以調(diào)用了。
Function HTMLEncode(Str)
If Isnull(Str) Then
HTMLEncode = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str, """", """, 1, -1, 1)
Str = Replace(Str,"<","<", 1, -1, 1)
Str = Replace(Str,">",">", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "object", "object", 1, -1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
Str = Replace(Str, "Object", "Object", 1, -1, 0)
Str = Replace(Str, "object", "Object", 1, -1, 1)
Str = Replace(Str, "applet", "applet", 1, -1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
Str = Replace(Str, "applet", "Applet", 1, -1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "=", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "select", 1, -1, 1)
Str = Replace(Str, "execute", "execute", 1, -1, 1)
Str = Replace(Str, "exec", "exec", 1, -1, 1)
Str = Replace(Str, "join", "join", 1, -1, 1)
Str = Replace(Str, "union ", "union", 1, -1, 1)
Str = Replace(Str, "where", "where", 1, -1, 1)
Str = Replace(Str, "insert", "insert", 1, -1, 1)
Str = Replace(Str, "delete", "delete", 1, -1, 1)
Str = Replace(Str, "update", "update", 1, -1, 1)
Str = Replace(Str, "like", "like", 1, -1, 1)
Str = Replace(Str, "drop", "drop", 1, -1, 1)
Str = Replace(Str, "create", "create", 1, -1, 1)
Str = Replace(Str, "rename", "rename", 1, -1, 1)
Str = Replace(Str, "count", "count", 1, -1, 1)
Str = Replace(Str, "chr", "chr", 1, -1, 1)
Str = Replace(Str, "mid", "mid", 1, -1, 1)
Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
Str = Replace(Str, "char", "char", 1, -1, 1)
Str = Replace(Str, "alter", "alter", 1, -1, 1)
Str = Replace(Str, "cast", "cast", 1, -1, 1)
Str = Replace(Str, "exists", "exists", 1, -1, 1)
Str = Replace(Str,Chr(13)," ", 1, -1, 1)
HTMLEncode = Replace(Str,"'","''", 1, -1, 1)
End Function
新聞熱點
疑難解答
