aspºǫ́µÇ½ҳÃæ²»Ìøת - Web ¿ª·¢ / ASP
<%
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
rs1.open "select * from yonghu where username='"&admin&"' and password='"&password&"'",conn,1,3
if not (rs1.bof and rs1.eof) then
session("password")=rs1("password")
response.Redirect("bdxhsdlogin.asp")
else
response.Redirect("index.asp")
end if
else
response.Redirect("index.asp")
end if
%>
Õâ¶Î´úÂëûÓдí°É£¡
ÕâÊÇcheck.asp£¡¿ÉΪʲôµÇ½ÕýÈ·ÁËÒ³Ãæ²»Ìøת°¡£¿¶øÇÒlogin.aspÖеÄactionÁ´½Ócheck.aspÊǾͳöÏÖ500´íÎó Ôõô»ØÊ°¡£¿
Óõ¯³ö´°¿Ú²âÊÔÏ°ɣ¬Õâ¸öÎÊÌâÓ¦¸ÃºÜÈÝÒ×½â¾ö
Ôõô¸öÒâ˼
ÓÃresponse.write("<script>alert('****')</script>")¼ÓÔÚÿһ¸öÅжϵĺóÃæ²âÊÔÏÂÁ÷³Ì£¬¿´´úÂëÊÇÔõôִÐеģ¬Ó¦¸ÃºÜ¿ì¾ÍÄÜÕÒµ½ÔÒòµÄ¡£
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
'ÏÈ檢²é¿´¿´sql commandµÄ語¾äÊÇ·ñ¶¼ÓÐ齊È«ÁË
str = "select * from yonghu where username='
Ïà¹ØÎÊ´ð£º
C# code:
SqlConnection conn = CsDB.sqlcon();
SqlDataAdapter da = new SqlDataAdapter("select fwCoding from bjmuma_fwCoding where OrderNumber='" + Order + & ......
C# code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Runtime.InteropServices;
nam ......
ÏÖÓÐÒ»¸ö±í¸ñ£¬ÓкܶàÐÐÊý×é¡£
ÏëÒªÒ»¸ö½Å±¾£¬¶ÁÈ¡ËùÓÐÐеÄÊý×éºóÊä³ö¡£
Êä³öÇ°²»ÏÔʾÕý³£Ë³ÐòµÄ±í¸ñÊý×飬¶øÖ±½ÓÏÔʾ³ö¶ÁÈ¡ºóµÄÊý×é¡£
Â¥Ö÷µÄ±í´ïʵÔÚ³ÉÎÊÌ⣡£¡
ÊDz»ÊÇÕâ¸öÒâ˼£¿
<%
Dim ArrDNA£¨10£¬10£ ......
