A mistake that beginners in ASP programming easily make and should watch out for

2008-08-30 17:49:14 Source: Internet
 
 
 
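This page is the pinyin-transliterated version of "A mistake that beginners in ASP programming easily make and should watch out for".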
  In ASP programming, identity authentication is something you need all the time. But how do you make that authentication secure?
   Form submission page: sub.htm
  <html>
   <head>
   <title>Administrator login</title>
   </head>
   <body>
   <form name="form1" method="post" action="sub.asp">
   <p>Administrator:
   <input type="text" name="UserID" size="25" maxlength="20">
   Password:
   <input type="text" name="Pass" size="12" maxlength="20">
   <input type="submit" name="Submit" value=" ti jiao ">
   </p>
   </form>
   </body>
   </html>
   The sub.asp program
   <%
   ' Receive the data from the form
   user=request.form("UserID")
   ' Check whether the submitted data is empty (the form page may already check this with JavaScript or VBScript, but do not forget to check it here as well!)
   if user="" then
   ' Go to the error page!
   response.redirect "err1.htm"
   ' This line may be unnecessary, but it is better to add it!
   response.end
   end if
   pass=request.form("Pass")
   if pass="" then
   response.redirect "err2.htm"
   response.end
   end if
   ' Connect to the database (" ni de shu ju ku " is a placeholder for your database path)
   file=server.mappath(" ni de shu ju ku ")
   set conn=server.createobject("adodb.connection")
   dr="driver={microsoft access driver (*.mdb)};dbq="&file
   conn.open dr
   set rs=server.createobject("adodb.recordset")
   ' The key is the SQL statement here
   sql="select * from biao where user='"&user&"' and pass='"&pass&"'"
   rs.open sql, conn
   if not rs.eof then
   ' If a record is found, go to the administration page
   response.redirect "login.asp"
   else
   ' If no record is found, go to the error page
   response.redirect "err3.htm"
   end if
   %>
   You probably feel the code above should be fine, but there is a serious security hole here:
   If I want to log in as the administrator, I can type the following into the input boxes of the sub.htm form:
   In the first text box: a' or '1'='1 or ' OR ''='
   In the second text box: a' or '1'='1 or ' OR ''='
   Submit, and you will see... "Hey, let me finish first, will you? Save the bricks and throw them later..."
   "a" and "1" can be any characters.
   Some will ask: why does entering these characters let you in as the administrator?
   In fact these characters deceive the SQL statement in your program, and that is how the login succeeds.
   Look: originally the SQL in the program queries the table for records that satisfy the condition user='"&user&"' and pass='"&pass&"'
   sql="select * from biao where user='"&user&"' and pass='"&pass&"'"
   After I enter the text above, it becomes:
   sql="select * from biao where user='a' or '1'='1' and pass='a' or '1'='1'"
   Take a look: is there any reason it would not let me in? Give me one reason not to get in first!
   Above, the USER and PASS fields are character types; if they are numeric types the same principle applies!
   Solutions:
   1. The function replacement method:
   Use REPLACE to replace the special characters contained in what the user entered, and so keep the input under control!
   sql="select * from biao where user='"&replace(user,"'"," ")&"' and pass='"&replace(pass,"'"," ")&"'"
   This method can only replace one character at a time. In fact the dangerous characters are not just "'"; characters such as ">", "<", "&" and "%" should all be controlled as well. But the REPLACE function does not seem up to that job, so what do we do?
   2. The program control method
   Use code to check everything the client enters. That way every possibly dangerous character or piece of code in the user's input is fully under control. This is the method I use!
  <%
   ' Capture the form content submitted by the user
   user=request.form("user")
   pass=request.form("pass")
   ' ...
   ' Start of the checking loop
   for i=1 to len(user)
   ' Use the MID function to read the single character at position i of the variable user
   us=mid(user,i,1)
   ' Compare the character that was read
   if us="'" or us="%" or us="<" or us=">" or us="&" then
   ' If the input contains any of the characters above, show an error: these special characters are not allowed
   response.redirect "err2.htm"
   response.end
   end if
   next
   ' ...
   %>
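An alternative to filtering characters, added here as an example that is not part of the original article: the two form values are bound as ADO command parameters, so the input reaches the database as data and cannot change the query that sub.asp runs. The database path and the parameter names pUser and pPass are assumptions; the table biao, its columns and the page names come from the article.

```vbscript
<%
' Added example: the login check from sub.asp with bound parameters.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

Dim user, pass, file, conn, cmd, rs, found
user = Request.Form("UserID")
pass = Request.Form("Pass")

' Server-side checks: maxlength="20" in sub.htm is only enforced by the browser.
If user = "" Or Len(user) > 20 Then
    Response.Redirect "err1.htm"
    Response.End
End If
If pass = "" Or Len(pass) > 20 Then
    Response.Redirect "err2.htm"
    Response.End
End If

' Assumed placeholder path: replace with the location of your .mdb file.
file = Server.MapPath("your-database.mdb")
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "driver={microsoft access driver (*.mdb)};dbq=" & file

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is a constant; each ? is filled in by the driver as a value.
' Brackets keep the column names from being read as keywords.
cmd.CommandText = "select * from biao where [user]=? and [pass]=?"
cmd.Parameters.Append cmd.CreateParameter("pUser", adVarChar, adParamInput, 20, user)
cmd.Parameters.Append cmd.CreateParameter("pPass", adVarChar, adParamInput, 20, pass)

Set rs = cmd.Execute
found = Not rs.EOF
rs.Close
conn.Close

If found Then
    Response.Redirect "login.asp"
Else
    Response.Redirect "err3.htm"
End If
%>
```

With this form, a quote character in either field is compared literally against the stored value, so no character list has to be maintained.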
 
 
 
 
 
 
 
 
 