hzhost·Àasp¹¥»÷º¯Êý
hzhost·Àasp¹¥»÷º¯Êý
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"·Ç·¨ÇëÇ󣡣¡£¡")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
Ïà¹ØÎĵµ£º
ActiveConnection ÉèÖûò·µ»ØCommand¶ÔÏóµÄÁ¬½ÓÐÅÏ¢£¬¸ÃÊôÐÔ¿ÉÒÔÊÇÒ»¸öConnection¶ÔÏó»òÁ¬½Ó×Ö·û´®¡£
CommandText ÉèÖûò·µ»Ø¶ÔÊý¾ÝÔ´µÄÃüÁî´®£¬Õâ¸ö´®¿ÉÒÔÊÇSQLÓï¾ä¡¢±í¡¢´¢´æ¹ý³Ì»òÊý¾ÝÌṩÕßÖ§³ÖµÄÈÎ ºÎÌØÊâÓÐЧµÄÃüÁîÎı¾¡£
Prepared Ìá³öÔÚµ÷ÓÃCommand¶ÔÏóµÄExecute·½·¨Ê±£¬ÊÇ·ñ½«²éѯµÄ±àÒë½á¹û´¢´æÏÂÀ´¡£Èç¹û½«¸ ......
set conn=server.createobject("adodb.connection")
conn.open "driver={microsoft access driver (*.mdb)};dbq=F:\\ajaxpro\\App_Data\\server.mdb"
Dim StrSQL,RS
StrSQL="SELECT*from Manager WHERE ID='"&username&"'"
StrSQL=StrSQL&"AND Pin='"&passwor ......
Ö±±¼Ö÷Ìâ.
Ä¿Ç°ÔÚά»¤Ò»Ì×´óÐ͵ÄASPÊÛºóϵͳ(2000¶à¸öasp page),´úÂëÊÇ2001Äê³öÀ´µÄ,ÆÚ¼ä¶àÄêδ×ö¸üÐÂ,´úÂëÖвÎÔÓ¶à¸ö³ÌÐòÔ±µÄ·ç¸ñ,½á¹¹ÉÏÖ»ÊǼòµ¥µÄ½«main function ¼¯ÖÐÆðÀ´,½«¸´ÔÓµÄsql¼¯ÖÐÆðÀ´. Ò³ÃæÉÏÏ൱»ìÂÒ.
ûÓмòµ¥µØȥתÏò.net»·¾³,ÒòΪÕâ¸öÏµÍ³Ê¹Ó ......
ASPÖÐÈçºÎÓÃJS´Ó×Ó´°¿Ú´«µÝÖµ±äÁ¿µ½¸¸´°¿Ú±íµ¥ÖÐ?
ÐüÉÍ·Ö£º15 - ½â¾öʱ¼ä£º2008-6-10 00:06
¸¸´°¿ÚÖÐÓÐÒ»±íµ¥,ÏÖÔÚÊǵã±íµ¥ºóµÄÉÏ´«´ò¿ª×Ó´°¿Ú,¾¹ýÎÞ×é¼þÉÏ´«Îļþ³É¹¦ºó×Ó´°¿ÚÌáʾ³É¹¦,²¢ÓÃresponse.write(FileName) Êä³ö·¾¶³É¹¦.µ«ÈçºÎ´«µÝµ½¸¸´°¿ÚÎı¾ÓòÄÚÌá½»Êý¾Ý¿âÄØ?²é×ÊÁÏÊÇÓÃJS»Ø´«Ð´³É: resp ......
ÔÚ ASP ÖÐʹÓà Request.ServerVariables("REMOTE_ADDR") À´È¡µÃ¿Í»§¶ËµÄ IP µØÖ·£¬µ«Èç¹û¿Í»§¶ËÊÇʹÓôúÀí·þÎñ
Æ÷À´·ÃÎÊ£¬ÄÇÈ¡µ½µÄ¾ÍÊÇ´úÀí·þÎñÆ÷µÄ IP µØÖ·£¬¶ø²»ÊÇÕæÕýµÄ¿Í»§¶Ë IP µØÖ·¡£ÒªÏë͸¹ý´úÀí·þÎñÆ÷È¡µÃ¿Í»§¶ËµÄÕæʵ
IP µØÖ·£¬¾ÍҪʹÓÃ& ......