首页 > 编程 > ASP > 正文

Ewebeditor和fckeditork编辑器过滤单引号

2024-05-04 11:07:25
字体:
来源:转载
供稿:网友

Ewebeditor和fckeditork编辑器过滤单引号

      我们采用的是SQL=insert into product(title,content) values(' " &request("title")& "' ,' "&request("content")& " ' )的写法,于是我们找到客户当时COPY进编辑器里的内容,发现,果然这内容中包括有单引号,原来,正是由于客户提交到编辑器里的内容中含有单引号,导致我们的SQL语句变化了,相当于原来是SQL=insert into product(title,content) values('内容' ,'内容' )变成了SQL=insert into product(title,content) values(' 内容' ,' 内容'' ),我们细看就知道,就因为这content里多了个单引号,SQL语句发生的严重的写法错误,但是,我们也奇怪,既然他写法错误,为什么SQL语句不给出错误提示呢,竟然也会提示操作成功,想到这里,我们想到了2003年那几年,普遍的小黑客喜欢用的' or' =' or' 的后台入侵法,是乎正是利用了SQL执行时,没过滤单引号的BUG,导致SQL怎么执行,结果都返回真,呵呵,没想到,原以为写程序尽量图个简单明了,也是个错啊。好了,问题找到了,以后,凡是SQL入库前,我们都把字段过滤后再传值,就不会再出这样的问题了,下面是一个非常完善的SQL安全过滤函数,大家直接拿去就可以调用了。
Function HTMLEncode(Str)
 If Isnull(Str) Then
     HTMLEncode = ""
     Exit Function
 End If
 Str = Replace(Str,Chr(0),"", 1, -1, 1)
 Str = Replace(Str, """", """, 1, -1, 1)
 Str = Replace(Str,"<","&lt;", 1, -1, 1)
 Str = Replace(Str,">","&gt;", 1, -1, 1)
 Str = Replace(Str, "script", "&#115;cript", 1, -1, 0)
 Str = Replace(Str, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
 Str = Replace(Str, "Script", "&#083;cript", 1, -1, 0)
 Str = Replace(Str, "script", "&#083;cript", 1, -1, 1)
 Str = Replace(Str, "object", "&#111;bject", 1, -1, 0)
 Str = Replace(Str, "OBJECT", "&#079;BJECT", 1, -1, 0)
 Str = Replace(Str, "Object", "&#079;bject", 1, -1, 0)
 Str = Replace(Str, "object", "&#079;bject", 1, -1, 1)
 Str = Replace(Str, "applet", "&#097;pplet", 1, -1, 0)
 Str = Replace(Str, "APPLET", "&#065;PPLET", 1, -1, 0)
 Str = Replace(Str, "Applet", "&#065;pplet", 1, -1, 0)
 Str = Replace(Str, "applet", "&#065;pplet", 1, -1, 1)
 Str = Replace(Str, "[", "&#091;")
 Str = Replace(Str, "]", "&#093;")
 Str = Replace(Str, """", "", 1, -1, 1)
 Str = Replace(Str, "=", "&#061;", 1, -1, 1)
 Str = Replace(Str, "'", "''", 1, -1, 1)
 Str = Replace(Str, "select", "sel&#101;ct", 1, -1, 1)
 Str = Replace(Str, "execute", "&#101xecute", 1, -1, 1)
 Str = Replace(Str, "exec", "&#101xec", 1, -1, 1)
 Str = Replace(Str, "join", "jo&#105;n", 1, -1, 1)
 Str = Replace(Str, "union  ", "un&#105;on", 1, -1, 1)
 Str = Replace(Str, "where", "wh&#101;re", 1, -1, 1)
 Str = Replace(Str, "insert", "ins&#101;rt", 1, -1, 1)
 Str = Replace(Str, "delete", "del&#101;te", 1, -1, 1)
 Str = Replace(Str, "update", "up&#100;ate", 1, -1, 1)
 Str = Replace(Str, "like", "lik&#101;", 1, -1, 1)
 Str = Replace(Str, "drop", "dro&#112;", 1, -1, 1)
 Str = Replace(Str, "create", "cr&#101;ate", 1, -1, 1)
 Str = Replace(Str, "rename", "ren&#097;me", 1, -1, 1)
 Str = Replace(Str, "count", "co&#117;nt", 1, -1, 1)
 Str = Replace(Str, "chr", "c&#104;r", 1, -1, 1)
 Str = Replace(Str, "mid", "m&#105;d", 1, -1, 1)
 Str = Replace(Str, "truncate", "trunc&#097;te", 1, -1, 1)
 Str = Replace(Str, "nchar", "nch&#097;r", 1, -1, 1)
 Str = Replace(Str, "char", "ch&#097;r", 1, -1, 1)
 Str = Replace(Str, "alter", "alt&#101;r", 1, -1, 1)
 Str = Replace(Str, "cast", "ca&#115;t", 1, -1, 1)
 Str = Replace(Str, "exists", "e&#120;ists", 1, -1, 1)
 Str = Replace(Str,Chr(13)," ", 1, -1, 1)
 HTMLEncode = Replace(Str,"'","''", 1, -1, 1)
End Function

发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表