ASP back-end login page does not redirect - Web Development / ASP
<%
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
rs1.open "select * from yonghu where username='"&admin&"' and password='"&password&"'",conn,1,3
if not (rs1.bof and rs1.eof) then
session("password")=rs1("password")
response.Redirect("bdxhsdlogin.asp")
else
response.Redirect("index.asp")
end if
else
response.Redirect("index.asp")
end if
%>
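There's nothing wrong with this code, is there?
This is check.asp! But why doesn't the page redirect after a correct login? And when the action in login.asp links to check.asp, a 500 error appears. What's going on?
Test it with a pop-up window; this problem should be easy to solve.
What do you mean?
Add response.write("<script>alert('****')</script>") after each conditional to test the flow and see how the code is executed; you should find the cause very quickly.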
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
' First check whether the SQL command statement is complete
str = "select * from yonghu where username='
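The query in check.asp above concatenates the submitted form values directly into the SQL text. The same login check with a parameterized ADODB.Command, as an added example that is not code from the thread; it assumes `conn` is an already-open ADODB.Connection (the posted snippet does not show where it is created) and that both columns hold at most 50 characters.

```vbscript
<%
' Added example, not the original poster's code.
' Assumption: conn is an open ADODB.Connection created elsewhere
' (for example in an include file); the posted snippet does not show it.
Const adCmdText = 1       ' CommandTypeEnum: CommandText is a SQL statement
Const adVarChar = 200     ' DataTypeEnum: string parameter
Const adParamInput = 1    ' ParameterDirectionEnum: input parameter
Const MAX_LEN = 50        ' Assumption: width of the username/password columns

Dim admin, password, cmd, rs1
admin = Left(Trim(Request.Form("admin")), MAX_LEN)
password = Left(Trim(Request.Form("password")), MAX_LEN)

' Empty input goes back to the login form; Response.Redirect stops the script.
If admin = "" Or password = "" Then
    Response.Redirect "index.asp"
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholders are bound as data, so quotes in the form values
' cannot change the structure of the statement.
cmd.CommandText = "select password from yonghu where username=? and password=?"
cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, MAX_LEN, admin)
cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, MAX_LEN, password)

Set rs1 = cmd.Execute
If rs1.EOF Then
    ' No matching row: wrong user name or password.
    rs1.Close
    Response.Redirect "index.asp"
End If

' Same session key as the posted code, so the target page keeps working.
Session("password") = rs1("password")
rs1.Close
Response.Redirect "bdxhsdlogin.asp"
%>
```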