hzhost·Àasp¹¥»÷º¯Êý
hzhost·Àasp¹¥»÷º¯Êý
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"·Ç·¨ÇëÇ󣡣¡£¡")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
Ïà¹ØÎĵµ£º
Ö±±¼Ö÷Ìâ.
Ä¿Ç°ÔÚά»¤Ò»Ì×´óÐ͵ÄASPÊÛºóϵͳ(2000¶à¸öasp page),´úÂëÊÇ2001Äê³öÀ´µÄ,ÆÚ¼ä¶àÄêδ×ö¸üÐÂ,´úÂëÖвÎÔÓ¶à¸ö³ÌÐòÔ±µÄ·ç¸ñ,½á¹¹ÉÏÖ»ÊǼòµ¥µÄ½«main function ¼¯ÖÐÆðÀ´,½«¸´ÔÓµÄsql¼¯ÖÐÆðÀ´. Ò³ÃæÉÏÏ൱»ìÂÒ.
ûÓмòµ¥µØȥתÏò.net»·¾³,ÒòΪÕâ¸öÏµÍ³Ê¹Ó ......
1 Ç°ÑÔ
2 ¼òÊöÈý²ã¼Ü¹¹
3 ½¨Á¢Õ¾µãµÄ´óÌå½á¹¹
3.1 ´úÂëĿ¼
3.2 Ê× ......
ÔÚ¶àÏîÑ¡ÔñµÄһЩӦÓÃÖУ¬¿ÉÒÔÓöþ½øÖÆ1´ú±íÑ¡ÖУ¬0´ú±í²»Ñ¡¡£ÀýÈç¸øijÓû§½ÇÉ«·ÖÅäȨÏÞabcdefg£¬Ñ¡ÖÐÇé¿öÊÇ1001101£¬ÄÇô´Ë½ÇÉ«°üº¬ËÄÏîȨÏÞ£¬ÓÃÒ»¸ö±äÁ¿±íʾ£¬ÏàÓ¦µÄÊ®½øÖÆÊýÊÇ77¡£
µ«ÊÇ£¬ÔÚASPÖеĶàÏîÑ¡Ôñ£¬¾Í²»ÊʺÏÕâÖÖÒÔÊýÖµµÄÐÎʽ¼Ç¼ѡÖÐÇé¿ö¡£ÒòΪ£¬µ±ÏîÄ¿ÊýºÜ¶àʱ£¨ÀýÈç6 ......
1.ÔÚ½â¾ö·½°¸ÖÐÌí¼ÓÐÂÏîÄ¿Êý¾Ý¼¯-mydbDataSet.xsd£¬ÔÚÊý¾Ý¼¯ÀïÌí¼ÓËùÒªÓõ½µÄ±í»ò¸ù¾ÝÐèÒªÖÆ×÷ÐÂ±í¡£
2.ÔÚÉè¼ÆÒ³ÃæÖÐÀÈëÒ»¸öMicrosoftReportViewer£¬Éè¼Æб¨±í£¬°´ÕÕ±¨±íÏòµ¼¸ù¾Ý×Ô¼ºµÄÐèҪѡÔñ±¨±íµÄÊý¾ÝÔ´ºÍÊý¾ÝÏÍê³Éб¨±íreport1.rdlcµÄÖÆ×÷¡£ÔÚÔ´ÂëÖÐÈçÏ£¨“¿¼ºË³É¼¨”ΪÊý¾Ý¼¯ÖеÄÒ»¸ö±í£©
<rsw ......
