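ASP SQL injection prevention question, experts please advise - Web Development / ASP
I'm an ASP newbie. I'm working on a small project and need to add protection against SQL injection attacks.
I don't know how to implement it. Mainly, how do I combine the anti-injection functions with my own files?
Experts, please give me some pointers.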
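<%
' Keyword blacklist: stop the request if any query-string value contains a listed token.
' Only Request.QueryString is checked; form fields and cookies are not covered.
Dim sql_leach, sql_leach_0, SQL_Get, SQL_Data
sql_leach = "',and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare"
sql_leach_0 = Split(sql_leach, ",")
If Request.QueryString <> "" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data = 0 To UBound(sql_leach_0)
            ' vbTextCompare makes the match case-insensitive
            If InStr(1, Request.QueryString(SQL_Get), sql_leach_0(SQL_Data), vbTextCompare) > 0 Then
                Response.Write "请不要尝试进行SQL注入！"   ' "Please do not attempt SQL injection!"
                Response.End
            End If
        Next
    Next
End If
%>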
You can also filter:
<%
function coder(str)
    ' HTML-encode str so it is displayed as text instead of being interpreted as markup
    dim i
    if isnull(str) then
        coder=""
        exit function
    end if
    for i = 1 to len(str)
        select case mid(str,i,1)
            case "<" : coder = coder & "&lt;"
            case ">" : coder = coder & "&gt;"
            case "&" : coder = coder & "&amp;"
            case chr(9) : coder = coder &" &nbs
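An added example, not part of the original thread or any poster's code: rather than scanning for keywords, bind each request value as a parameter with ADODB.Command, so the value is never parsed as SQL. To reuse it across files, as the question asks, move the two functions into a shared file and pull it into each page with a `#include` directive. The database path, the Access/Jet provider, and the `users` table with its columns are assumptions.

```asp
<%
' Added example, not from the thread. Assumed names: DB_PATH, table "users"
' with columns id, username, email; an Access (Jet) database is assumed.
Const adCmdText = 1, adParamInput = 1, adInteger = 3
Const DB_PATH = "/data/app.mdb"

Function OpenConn()
    Dim conn
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(DB_PATH)
    Set OpenConn = conn
End Function

' Runs sql with each "?" bound, in order, to one item of params.
' Each item is Array(adoType, size, value). Values travel as parameters,
' so they are never parsed as SQL text.
Function RunQuery(conn, sql, params)
    Dim cmd, p
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For Each p In params
        cmd.Parameters.Append cmd.CreateParameter("", p(0), adParamInput, p(1), p(2))
    Next
    Set RunQuery = cmd.Execute
End Function

' ---- page code: everything above can live in a shared include file ----
Dim rawId, re, conn, rs
rawId = Request.QueryString("id") & ""      ' missing key becomes ""
Set re = New RegExp
re.Pattern = "^\d{1,9}$"                    ' digits only, fits in a Long
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = OpenConn()
Set rs = RunQuery(conn, "SELECT username, email FROM users WHERE id = ?", _
                  Array(Array(adInteger, 0, CLng(rawId))))
If Not rs.EOF Then
    ' Encode on output so stored markup is shown as text
    Response.Write Server.HTMLEncode(rs("username").Value & "")
End If
rs.Close
conn.Close
%>
```

For text columns, pass `Array(202, maxLength, value)` (202 is `adVarWChar`) with a length that matches the column.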