hzhost·Àasp¹¥»÷º¯Êý
hzhost·Àasp¹¥»÷º¯Êý
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"·Ç·¨ÇëÇ󣡣¡£¡")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
Ïà¹ØÎĵµ£º
ActiveConnection ÉèÖûò·µ»ØCommand¶ÔÏóµÄÁ¬½ÓÐÅÏ¢£¬¸ÃÊôÐÔ¿ÉÒÔÊÇÒ»¸öConnection¶ÔÏó»òÁ¬½Ó×Ö·û´®¡£
CommandText ÉèÖûò·µ»Ø¶ÔÊý¾ÝÔ´µÄÃüÁî´®£¬Õâ¸ö´®¿ÉÒÔÊÇSQLÓï¾ä¡¢±í¡¢´¢´æ¹ý³Ì»òÊý¾ÝÌṩÕßÖ§³ÖµÄÈÎ ºÎÌØÊâÓÐЧµÄÃüÁîÎı¾¡£
Prepared Ìá³öÔÚµ÷ÓÃCommand¶ÔÏóµÄExecute·½·¨Ê±£¬ÊÇ·ñ½«²éѯµÄ±àÒë½á¹û´¢´æÏÂÀ´¡£Èç¹û½«¸ ......
1¡¢<script>°´Å¥£º
<input type="button" name="btnRead" onClick="readCard()" style="background:url(images/qux1.gif); border:none; width:145px; height:30px;" />
2¡¢Ìá½»°´Å¥£º
<input type="submit" name="button" id="button" style="background:url(images/tj.gif); bor ......
'--------------------------------------------------------------------------------------1.asp
<!--#include file="function.asp" -->
<script>
function checkAll(){
for (i=0;i<document.forms[1].length;i++){
if (document.forms[1][i].tagName= ......
<%
set rs=server.CreateObject(”ADODB.recordset”)
sql =”select * from ±í”
rs.open sql,conn,1,1
page=cint(request(”page”))
n=rs.RecordCount
rs.pagesize=12
m=cint(rs.pagecount)
if page=”" then
page=1
elseif page<1 then
page=1
end if
if cint(r ......
1.ÔÚ½â¾ö·½°¸ÖÐÌí¼ÓÐÂÏîÄ¿Êý¾Ý¼¯-mydbDataSet.xsd£¬ÔÚÊý¾Ý¼¯ÀïÌí¼ÓËùÒªÓõ½µÄ±í»ò¸ù¾ÝÐèÒªÖÆ×÷ÐÂ±í¡£
2.ÔÚÉè¼ÆÒ³ÃæÖÐÀÈëÒ»¸öMicrosoftReportViewer£¬Éè¼Æб¨±í£¬°´ÕÕ±¨±íÏòµ¼¸ù¾Ý×Ô¼ºµÄÐèҪѡÔñ±¨±íµÄÊý¾ÝÔ´ºÍÊý¾ÝÏÍê³Éб¨±íreport1.rdlcµÄÖÆ×÷¡£ÔÚÔ´ÂëÖÐÈçÏ£¨“¿¼ºË³É¼¨”ΪÊý¾Ý¼¯ÖеÄÒ»¸ö±í£©
<rsw ......
