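ASP Built-in Objects
I. The Request Object
You can use the Request object to access all of the information passed with any HTTP request, including parameters passed from an HTML form with the POST or GET method, cookies, and user authentication.
Request[.collection|property|method](variable)
1. Form
The Form collection retrieves the values of form elements posted to the HTTP request body by a form that uses the POST method.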
Request.Form(element)[(index)|.Count]
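element Specifies the name of the form element the collection is to retrieve.
index Optional parameter that lets you access one of the multiple values of a parameter. It can be any integer from 1 to Request.Form(parameter).Count.
Count The number of elements in the collection.
The Form collection is indexed by the names of the parameters in the request body. The value of Request.Form(element) is an array of all the values of element in the request body. Call Request.Form(element).Count to determine how many values a parameter has. If the parameter is not associated with multiple values, the count is 1. If the parameter is not found, the count is 0. To reference a single value of a form element that has multiple values, you must specify an index value. The index parameter can be any number from 1 to Request.Form(element).Count. If you reference a form parameter that has multiple values without specifying an index value, the data returned is a comma-separated string.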
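The Count and index behaviour described above, as an added classic ASP (VBScript) example that is not part of the original page: it accepts a field only when it was posted exactly once, so a repeated parameter is never silently read as a comma-joined string. The field names username and role, the helper ReadSingleField and the 64-character limit are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper: returns True and fills value only when the
' posted field arrived exactly once and has an acceptable length.
Function ReadSingleField(fieldName, maxLen, ByRef value)
    Dim n
    ReadSingleField = False
    value = ""
    ' Count is 0 when the field is missing, 1 for a single value,
    ' and greater than 1 when the name was posted several times.
    n = Request.Form(fieldName).Count
    If n <> 1 Then Exit Function
    ' The index is 1-based; reading it explicitly avoids the
    ' comma-separated string returned when no index is given.
    value = Request.Form(fieldName)(1)
    If Len(value) = 0 Or Len(value) > maxLen Then
        value = ""
        Exit Function
    End If
    ReadSingleField = True
End Function

Dim userName, i

' "username" is an assumed field that must be single-valued.
If Not ReadSingleField("username", 64, userName) Then
    Response.Status = "400 Bad Request"
    Response.Write "username must be supplied exactly once"
    Response.End
End If

' Encode before echoing: everything in Request.Form is client-controlled.
Response.Write "User: " & Server.HTMLEncode(userName) & "<br>"

' "role" is an assumed field that legitimately carries several values
' (for example a group of checkboxes); walk them one index at a time.
For i = 1 To Request.Form("role").Count
    Response.Write "Role " & i & ": " & _
        Server.HTMLEncode(Request.Form("role")(i)) & "<br>"
Next
%>
```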
2. QueryString
The QueryString collection retrieves the values of the variables in the HTTP query string. The HTTP query string is specified by the values that follow the question mark (?).
Request.QueryString(variable)[(index)|.Count]
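The QueryString collection lets you retrieve the QUERY_STRING variable by name. The value of Request.QueryString(parameter) is an array of all the values of parameter that appear in QUERY_STRING. Call Request.QueryString(parameter).Count to determine how many values a parameter has.
3. Cookies
A cookie is essentially a tag. When you visit a web site that needs to uniquely identify you, it leaves a marker on your hard disk, and the next time you visit the same site, the site's pages look for that marker. Each web site has its own marker, and the marker's contents can be read at any time, but only by pages of that site. Each site's cookie is stored in a different file in the same folder as the cookies of all other sites (you can find them in the Cookie folder under the Windows directory). A cookie is a marker that uniquely identifies a client. A cookie can contain information shared by all pages of a web site within one session or across several sessions, and cookies can also be used to exchange information between pages. The Cookies collection provided by Request lets the user retrieve the values of the cookies sent in the HTTP request.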
Request.Cookies(cookie)[(key)|.attribute]
cookie Specifies the cookie whose value is to be retrieved.
key Optional parameter, used to retrieve from the cookie dictionary the subkey