Loading a CAPTCHA image without a page refresh in ASP
<script type="text/javascript">
function reloadcode(){
    var verify=document.getElementById('safecode');
    // A random number must be appended here; otherwise the URL is unchanged
    // and the browser will not reload the image.
    verify.setAttribute('src','images/chknumber.asp?'+Math.random());
}
</script>
<img src="images/chknumber.asp" id="safecode" border="0" onclick="reloadcode()" style="cursor:pointer;padding:2px 8px 0pt 3px;" />
Reposted from: http://www.itwis.com/html/programme/javascript/20080416/1296.html