asp or ©¶´
©¶´ÃèÊö:
ÔÚlogin.aspÖУ¬½ÓÊÕÓû§ÊäÈëµÄUseridºÍPasswordÊý¾Ý£¬²¢·Ö±ð¸³Öµ¸øuserºÍpwd£¬È»ºóÔÙÓÃsql="select * from admin where username="&user&" and password="&pwd&"" Õâ¾äÀ´¶ÔÓû§ÃûºÍÃÜÂë¼ÓÒÔÑéÖ¤¡£
ÒÔ³£ÀíÀ´¿¼ÂǵĻ°£¬ÕâÊǸöºÜÍêÕûµÄ³ÌÐòÁË¡£¶øÔÚʵ¼ÊµÄʹÓùý³ÌÖУ¬ÕûÌ׳ÌÐòÒ²µÄÈ·¿ÉÄÜÕý³£Ê¹Óá£
µ«ÊÇÈç¹ûUseridµÄÖµºÍpasswordµÄÖµ±»¸³ÓÚ£ºsafer’ or’1’=’1’ Õâʱ£¬sql="select * from admin where username="&user&" and password="&pwd&"" ¾Í³ÉÁË£º
sql="select * from reg where user=safer’ or’1’=’1’ and pass=safer’ or’1’=’1’
ÔõôÑù£¿£¡ÎÒ²»Ëµ´ó¼ÒÒ²Ã÷°×ÁË°É£¡
¼ÈÈ»ÓÐÕâÑùµÄÎÊÌ⣬½ÓÏÂÀ´ÎÒÃǾÍÀ´¿´¿´ÈçºÎ½â¾öËü¡£´ÓÉÏÃæµÄ³ÌÐòÖи÷λҲ¿ÉÒÔ¿´³ö£¬Ö»Òª¶ÔÓû§ÊäÈëµÄÊý¾Ý½øÐÐÑϸñ¹ýÂ˾ͿÉÒÔÁË¡£¾ßÌå¿ÉÒÔ²ÎÏÂÃæµÄ³ÌÐò£º
Quote
¡´%
user=request.from("UserID")
pass=request.from("password")
for i=1 to len(UserID)
cl=mid(UserID,i,1)
if cl="" or us="%" or us="¡´" or us="¡µ" then
response.redirect "54safer ..haha"
response.end
end if
next
%¡µ
ͬÑùÊÇÏÈÈ¡µÃÓû§ÊäÈëÊý¾Ý£¬È»ºó·ÖÎöÓû§ÊäÈëµÄÿһ¸ö×Ö·û£¬Èç·¢ÏÖÒì³££¬Ôòתµ½´íÎóÒ³Ãæ¡£
if cl="" or us="%" or us="¡´" or us="¡µ" then ÕâÒ»¾äÖпÉÒÔ¼ÓÈëÈÎÒâµÄ¹ýÂË×Ö·û£¬¸ú¾Ý¾ßÌåÇé¿ö¶ø¶¨¡£
********************************************************************
©¶´ÐÞ²¹:
username=replace(trim(request("username")),"’","")
password=replace(trim(Request("password")),"’","")
°Ñ“’”¸ø¹ýÂËÁË
Èç¹ûÄãÏëÓÓ’”µ±×öÃÜÂë ¾ÍÓÃÏÂÃæµÄ·½·¨
1¡¢select * from user where user=’ " & User & "’ "
2¡¢Èç¹û·µ»Ø²»Îª¼Ù£¬ÔòÈ¡ÃÜÂë
pass=rs("passwd")
3¡¢Åжϣºif pass=password
4¡¢µÃ³ö½áÂÛ¡£
Àý×Ó:
Qu
Ïà¹ØÎĵµ£º
ASPͨ¹ýcookieʵÏÖ×Ô¶¯¼ÇסÃÜÂëµÄ¹¦ÄÜ
°ÑÒÔÏ´úÂë¼ÓÈëÑéÖ¤Ò³£º
<%if Trim(Cstr(request.QueryString("check")))="true" then ‘ÓÃÀ´ÅжÏÊÇ·ñÓÐÑ¡Ôñ¼ÇסÃÜÂë
Response.Cookies("UserCookie")("username") = Trim(Cstr(request.Form("username")))
Response.Cookies("UserCookie")("passwords") = trim ......
´æ´¢½ø³Ì¾ÍÊÇ×÷Ϊ¿ÉÖ´ÐжÔÏó´æ·ÅÔÚÊý¾Ý¿âÖеÄÒ»¸ö»ò¶à¸öSQLÃüÁî¡£
¶¨Òå×ÜÊǺܳéÏó¡£´æ´¢½ø³ÌÆäʵ¾ÍÊÇÄÜÍê³ÉÒ»¶¨²Ù×÷µÄÒ»×éSQLÓï¾ä£¬Ö»²»¹ýÕâ×éÓï¾äÊÇ·ÅÔÚÊý¾Ý¿âÖеÄ(ÕâÀïÎÒÃÇ̸ֻSQL SERVER)¡£Èç¹ûÎÒÃÇͨ¹ý´´½¨´æ´¢½ø³ÌÒÔ¼°ÔÚASPÖе÷Óô洢½ø³Ì£¬¾Í¿ÉÒÔ±ÜÃ⽫SQLÓï¾äͬASP´úÂë»ìÔÓÔÚÒ ......
×î½üºÜ¿àÄÕ£¬µ±Êý¾Ý·ÃÎÊʧ°Ü»òÕ߳ɹ¦µÄʱºò£¬ÒªÒ³ÃæµÄjs´¦ÀíһЩЧ¹û£¬Ö»ÊDz»ÖªµÀÔõôµ÷Ó㬷dz£ÓôÃÆ¡£ÖÕÓÚÕÒ
µ½ÁËÒ»¸öµØ·½£º
ScriptManager.RegisterStartupScript(ListUpdatePanel, typeof(UpdatePanel), "", "alert(1);", true);
ÔÚºǫ́µÄº¯ÊýÖе÷ÓÃÕâ¸ö¼´¿É¡££¨Õë¶Ôupdatepanel£©Ë¢ÐÂÊý¾Ýºó£¬¾Í»áµ÷ÓÃjs ......
Ö¸ÕëÔÚCÖо³£Ìáµ½£¬µ«ÊÇÈκÎÒ»ÖÖÓïÑÔÖж¼Òþ²Ø×ÅÖ¸Õë¡£
aspÒ²ÊÇÈç´Ë£¬ÔÚÎÒÃÇ´«µÝ²ÎÊý¸øfunction»òÕßsubʱ£¬ÎÒÃÇÈç¹û´«µÝµÄÊÇÒ»¸ö±äÁ¿£¬ÄÇôasp»á°ÑÕâ¸ö±äÁ¿µØÖ·´«¹ýÈ¥£¬ËùÒÔÈç¹ûÄãÔÚº¯ÊýºÍ¹ý³ÌÀïÃæ¸ü¸ÄÕâ¸ö²ÎÊý£¬ÄÇôԱäÁ¿Ò²»á¸Ä±ä¡£
'º¯ÊýÀý×Ó
Dim i1,i2
i1=1
'=======================
Function toadd(i)'»ò ......
1.UpLoadClass.asp
<%
Class UpLoadClass
Private p_MaxSize,p_FileType,p_SavePath,p_AutoSave,p_Error
Private objForm,binForm,binItem,strDate,lngTime
Public FormItem,FileItem
Public Property Get Version
Version=""
End Property
......