Ewebeditor及fckeditork,90%的網站都是采用這兩種編輯器作為產品或者內容的說明部分的編輯窗口,近日,一客戶的外貿站點基本上快完工了,因客戶產品分類多,故而讓客戶自己在後台添加產品,但是客戶反映,在後台添加產品時,如果產品說明內容太過復雜的話,產品怎麼也添加不入數據庫中。
當時,我們也好生郁悶,這到底怎麼回事,我們親自測試後台添加任意的產品或者文字都能成功,偏偏他就不行,在網站搜索了相關的如“Ewebeditor 不能添加到數據庫”,似乎找到了一點答案,因Ewebeditor自身沒對單引號過濾,導致了添加不到數據庫的問題。於是乎,我們把編輯器換成了fckeditork,可是還是不行,那是Ewebeditor及fckeditork自帶的不完善導致的嗎?為什麼一個簡單的單引號會引發不能添加到數據庫呢,想到這裡,我們想到了分析下入庫代碼,我們采用的是SQL=insert into product(title,content) values(' " &request("title")& "' ,' "&request("content")& " ' )的寫法,於是我們找到客戶當時COPY進編輯器裡的內容,發現,果然這內容中包括有單引號,原來,正是由於客戶提交到編輯器裡的內容中含有單引號,導致我們的SQL語句變化了,相當於原來是SQL=insert into product(title,content) values('內容' ,'內容' )變成了SQL=insert into product(title,content) values(' 內容' ,' 內容'' ),我們細看就知道,就因為這content裡多了個單引號,SQL語句發生的嚴重的寫法錯誤,但是,我們也奇怪,既然他寫法錯誤,為什麼SQL語句不給出錯誤提示呢,竟然也會提示操作成功,想到這裡,我們想到了2003年那幾年,普遍的小黑客喜歡用的' or' =' or' 的後台入侵法,是乎正是利用了SQL執行時,沒過濾單引號的BUG,導致SQL怎麼執行,結果都返回真,呵呵,沒想到,原以為寫程序盡量圖個簡單明了,也是個錯啊。好了,問題找到了,以後,凡是SQL入庫前,我們都把字段過濾後再傳值,就不會再出這樣的問題了,下面是一個非常完善的SQL安全過濾函數,大家直接拿去就可以調用了。
Function HTMLEncode(Str)
If Isnull(Str) Then
HTMLEncode = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str, """", """, 1, -1, 1)
Str = Replace(Str,"<","<", 1, -1, 1)
Str = Replace(Str,">",">", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "object", "object", 1, -1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
Str = Replace(Str, "Object", "Object", 1, -1, 0)
Str = Replace(Str, "object", "Object", 1, -1, 1)
Str = Replace(Str, "applet", "applet", 1, -1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
Str = Replace(Str, "applet", "Applet", 1, -1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "=", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "select", 1, -1, 1)
Str = Replace(Str, "execute", "execute", 1, -1, 1)
Str = Replace(Str, "exec", "exec", 1, -1, 1)
Str = Replace(Str, "join", "join", 1, -1, 1)
Str = Replace(Str, "union", "union", 1, -1, 1)
Str = Replace(Str, "where", "where", 1, -1, 1)
Str = Replace(Str, "insert", "insert", 1, -1, 1)
Str = Replace(Str, "delete", "delete", 1, -1, 1)
Str = Replace(Str, "update", "update", 1, -1, 1)
Str = Replace(Str, "like", "like", 1, -1, 1)
Str = Replace(Str, "drop", "drop", 1, -1, 1)
Str = Replace(Str, "create", "create", 1, -1, 1)
Str = Replace(Str, "rename", "rename", 1, -1, 1)
Str = Replace(Str, "count", "count", 1, -1, 1)
Str = Replace(Str, "chr", "chr", 1, -1, 1)
Str = Replace(Str, "mid", "mid", 1, -1, 1)
Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
Str = Replace(Str, "char", "char", 1, -1, 1)
Str = Replace(Str, "alter", "alter", 1, -1, 1)
Str = Replace(Str, "cast", "cast", 1, -1, 1)
Str = Replace(Str, "exists", "exists", 1, -1, 1)
Str = Replace(Str,Chr(13),"<br>", 1, -1, 1)
HTMLEncode = Replace(Str,"'","''", 1, -1, 1)
End Function
文章首發:http://www.seohf.com/seonews/view654.html 如需轉載,請注明出處。
