Comparing ASP.NET with ASP, there is not much left to say on the technical side. The new generation is of course better than the old one in most respects. What matters is how well you understand the software you are writing; it depends on the person. Someone who knows how to write ASP may well produce code that is more efficient and easier to reuse than ASP.NET code.

EWebEditor and FCKeditor: 90% of websites adopt one of these two editors as the editing window for the product or content description. Recently a client's foreign-trade site was nearly finished. Because the client has many product categories, we let the client add products themselves in the admin back end. The client reported, however, that when adding a product in the back end, a product whose description was at all complex could not be saved to the database no matter what.
At the time we were quite puzzled about what was going on. We tested adding arbitrary products and text in the back end ourselves and every attempt succeeded; only for this client did it fail. A web search for phrases like "EWebEditor cannot add to database" seemed to turn up an answer: EWebEditor itself does not filter single quotes, and that is what makes the insert into the database fail. So we swapped the editor for FCKeditor, but it still failed. Was the cause really a flaw in EWebEditor and FCKeditor themselves? Why would one simple single quote stop a record from being added to the database?

That question led us to analyse the insert code. We had written it in the form SQL = "insert into product(title,content) values('" & request("title") & "','" & request("content") & "')". So we took the content the client had pasted into the editor at the time and found that it did indeed contain single quotes. That was the cause: because the content submitted through the editor contained a single quote, our SQL statement changed. What should have been insert into product(title,content) values('content','content') became insert into product(title,content) values('content','con'tent'), and a close look shows that the one extra single quote inside content closes the string early and turns the statement into a serious syntax error.

What also puzzled us was that, although the statement was malformed, the SQL did not report an error and instead reported the operation as successful. That reminded us of the years around 2003, when the 'or'='or back-end intrusion trick was popular with novice hackers: it exploited exactly this bug, that single quotes were not filtered before the SQL was executed, so that however the SQL ran the result came back true. Who would have thought that keeping the code as simple and plain as possible could itself be a mistake.

Well, the problem was found. From now on, before anything goes into SQL, we filter every field before passing the value, and this problem will not recur. Below is a very complete SQL safety filter function that everyone can take and call directly.
' HTMLEncode: the filter function given in the article. The HTML entities in the
' replacement strings were decoded to plain text when the page was extracted
' (so the page read Replace(Str, "<", "<")); they are restored here, and the
' lines whose quote characters were lost in extraction are marked as reconstructed.
Function HTMLEncode(Str)
    If IsNull(Str) Then
        HTMLEncode = ""
        Exit Function
    End If
    ' Drop NUL bytes, then entity-encode the characters that open HTML markup.
    Str = Replace(Str, Chr(0), "", 1, -1, 1)
    Str = Replace(Str, """", "&quot;", 1, -1, 1)
    Str = Replace(Str, "<", "&lt;", 1, -1, 1)
    Str = Replace(Str, ">", "&gt;", 1, -1, 1)
    ' Break up tag names by encoding one letter as a numeric entity. The first
    ' three lines of each group are binary (case-sensitive) compares for the
    ' common spellings; the fourth is a textual (case-insensitive) compare that
    ' catches any remaining mixed-case variant.
    Str = Replace(Str, "script", "s&#99;ript", 1, -1, 0)
    Str = Replace(Str, "SCRIPT", "S&#67;RIPT", 1, -1, 0)
    Str = Replace(Str, "Script", "S&#99;ript", 1, -1, 0)
    Str = Replace(Str, "script", "S&#99;ript", 1, -1, 1)
    Str = Replace(Str, "object", "o&#98;ject", 1, -1, 0)
    Str = Replace(Str, "OBJECT", "O&#66;JECT", 1, -1, 0)
    Str = Replace(Str, "Object", "O&#98;ject", 1, -1, 0)
    Str = Replace(Str, "object", "O&#98;ject", 1, -1, 1)
    Str = Replace(Str, "applet", "a&#112;plet", 1, -1, 0)
    Str = Replace(Str, "APPLET", "A&#80;PLET", 1, -1, 0)
    Str = Replace(Str, "Applet", "A&#112;plet", 1, -1, 0)
    Str = Replace(Str, "applet", "A&#112;plet", 1, -1, 1)
    Str = Replace(Str, "[", "&#91;")
    Str = Replace(Str, "]", "&#93;")
    ' No effect in practice: every double quote was already encoded above.
    Str = Replace(Str, """", "&#34;", 1, -1, 1)
    Str = Replace(Str, "=", "&#61;", 1, -1, 1)
    ' Reconstructed: extraction stripped every single quote from the page,
    ' leaving Replace(Str, "", ""). This is the line that handles the quote
    ' character the article is about.
    Str = Replace(Str, "'", "&#39;", 1, -1, 1)
    ' SQL keywords, matched case-insensitively, each with one letter entity-encoded.
    Str = Replace(Str, "select", "sel&#101;ct", 1, -1, 1)
    Str = Replace(Str, "execute", "exec&#117;te", 1, -1, 1)
    Str = Replace(Str, "exec", "ex&#101;c", 1, -1, 1)
    Str = Replace(Str, "join", "jo&#105;n", 1, -1, 1)
    Str = Replace(Str, "union", "un&#105;on", 1, -1, 1)
    Str = Replace(Str, "where", "wh&#101;re", 1, -1, 1)
    Str = Replace(Str, "insert", "ins&#101;rt", 1, -1, 1)
    Str = Replace(Str, "delete", "del&#101;te", 1, -1, 1)
    Str = Replace(Str, "update", "up&#100;ate", 1, -1, 1)
    Str = Replace(Str, "like", "lik&#101;", 1, -1, 1)
    Str = Replace(Str, "drop", "dro&#112;", 1, -1, 1)
    Str = Replace(Str, "create", "cr&#101;ate", 1, -1, 1)
    Str = Replace(Str, "rename", "ren&#97;me", 1, -1, 1)
    Str = Replace(Str, "count", "co&#117;nt", 1, -1, 1)
    Str = Replace(Str, "chr", "c&#104;r", 1, -1, 1)
    Str = Replace(Str, "mid", "m&#105;d", 1, -1, 1)
    Str = Replace(Str, "truncate", "trunc&#97;te", 1, -1, 1)
    Str = Replace(Str, "nchar", "nch&#97;r", 1, -1, 1)
    Str = Replace(Str, "char", "ch&#97;r", 1, -1, 1)
    Str = Replace(Str, "alter", "alt&#101;r", 1, -1, 1)
    Str = Replace(Str, "cast", "ca&#115;t", 1, -1, 1)
    Str = Replace(Str, "exists", "exi&#115;ts", 1, -1, 1)
    ' Turn carriage returns into HTML line breaks for display.
    Str = Replace(Str, Chr(13), "<br>", 1, -1, 1)
    ' The final Replace on the page lost both of its string arguments in
    ' extraction, so the result is returned as it stands.
    HTMLEncode = Str
End Function
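The function above is named HTMLEncode, and that is what it is: an HTML output-encoding routine. It keeps the single quote out of the SQL text by rewriting it as &#39;, which makes the INSERT succeed at the price of storing something other than what the user typed, and it leaves the query itself built by string concatenation. As an added example that is not part of the original article, the following Python script uses an in-memory SQLite database as a stand-in for the site's Access or SQL Server back end and walks through the three behaviours the article describes: the concatenated INSERT failing on a pasted quote, the 'or'='or style tautology the author recalls turning a login count non-zero, and the parameterized form, which is the fix a practitioner would apply, storing the content byte for byte and treating the quote as data. The table names, the sample description and the credential row are all constructed for the example.

```python
import sqlite3

# Constructed sample input: a product description pasted from a WYSIWYG editor.
# It contains the single quote that broke the article's INSERT, plus an HTML tag
# and an entity, so the effect of each storage strategy on the data is visible.
SAMPLE_TITLE = "Widget"
SAMPLE_CONTENT = "<p>Customer's choice: 19&quot; rack model</p>"

# The same idea as the 'or'='or trick the article recalls, in its textbook form.
TAUTOLOGY = "' or '1'='1"


def make_db():
    """In-memory SQLite database standing in for the site's Access/SQL Server back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, title TEXT, content TEXT)")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    # Constructed credential row; only COUNT(*) over it is ever observed.
    conn.execute("INSERT INTO admin VALUES ('admin', 'constructed-sample-value')")
    return conn


def insert_concatenated(conn, title, content):
    """The article's pattern: values('" & request("title") & "','" & request("content") & "').
    Returns None on success or the database's error text, which is what the site
    would have seen had the page not reported the operation as successful."""
    sql = ("INSERT INTO product(title, content) VALUES('"
           + title + "','" + content + "')")
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def insert_entity_encoded(conn, title, content):
    """Models the single-quote line of the article's HTMLEncode filter: the quote
    becomes &#39; before concatenation. The INSERT now succeeds, but what is stored
    is no longer what the user typed. Returns the stored content."""
    safe = content.replace("'", "&#39;")
    conn.execute("INSERT INTO product(title, content) VALUES('" + title + "','" + safe + "')")
    return conn.execute("SELECT content FROM product WHERE title = ?", (title,)).fetchone()[0]


def insert_parameterized(conn, title, content):
    """The robust fix: placeholders keep the SQL text fixed and the driver hands the
    values to the engine separately, so a quote inside content is just a character.
    Returns the stored content, which equals the input exactly."""
    conn.execute("INSERT INTO product(title, content) VALUES(?, ?)", (title, content))
    return conn.execute("SELECT content FROM product WHERE title = ?", (title,)).fetchone()[0]


def login_concatenated(conn, username, password):
    """Login check written the concatenated way. A quote in the password rewrites the
    WHERE clause, and the count comes back non-zero without valid credentials."""
    sql = ("SELECT COUNT(*) FROM admin WHERE username='" + username
           + "' AND password='" + password + "'")
    return conn.execute(sql).fetchone()[0]


def login_parameterized(conn, username, password):
    """Same check with placeholders: the quote is compared as data, so the count is 0."""
    return conn.execute(
        "SELECT COUNT(*) FROM admin WHERE username=? AND password=?",
        (username, password),
    ).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("concatenated insert:", insert_concatenated(db, SAMPLE_TITLE, SAMPLE_CONTENT))
    print("entity-encoded insert stored:",
          insert_entity_encoded(db, SAMPLE_TITLE + "-enc", SAMPLE_CONTENT))
    print("parameterized insert stored:",
          insert_parameterized(db, SAMPLE_TITLE + "-param", SAMPLE_CONTENT))
    print("tautology vs concatenated login:", login_concatenated(db, "nobody", TAUTOLOGY))
    print("tautology vs parameterized login:", login_parameterized(db, "nobody", TAUTOLOGY))
```

In classic ASP the placeholder form corresponds to building the statement with ADODB.Command, adding each value through CreateParameter and Parameters.Append, instead of concatenating request values into the string; the behaviour the script shows does not depend on the database engine. The entity-encoded variant is worth keeping in mind when reviewing filters like HTMLEncode: the INSERT stops failing, so the symptom disappears, but the stored text has been altered and every other concatenated query on the site is untouched.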
Originally published at: http://www.seohf.com/seonews/view654.html. Please credit the source when reposting.
Their way of thinking is different from a programmer's. As to why, think about it for yourselves; it has to do with psychology.