大家帮我看下下面代码中密码是什么?
2个回答
<%
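' Login handler: screens the posted form fields, then checks the submitted
' name/password against the Manage_User table and fills the session on a match.
' No password is hard-coded here: the submitted value is passed through
' encrypt() and compared with the PassWord column of Manage_User.
' conn and encrypt() are not defined in this snippet; presumably they come
' from an include file -- confirm. The "end if" that follows this block closes
' an If that is opened outside the snippet.

' Keyword blacklist kept from the original. A blacklist is not a dependable
' SQL-injection defence, and it also rejects legitimate input (for example a
' password containing "*" or the letters "and"). The parameterised query
' further down is what keeps form data out of the SQL text.
SQL_injdata = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = Split(SQL_injdata, "|")
If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
        For SQL_Data = 0 To UBound(SQL_inj)
            If InStr(LCase(Request.Form(Sql_Post)), SQL_inj(SQL_Data)) > 0 Then
                Response.Write "输入非法"
                Response.End
            End If
        Next
    Next
End If

' & "" coerces a missing field to an empty string so it can be bound below.
pwd = Request.Form("pwd") & ""
name = Request.Form("name") & ""

' Bind the credentials as parameters instead of concatenating them into the
' statement, so quoting in the input cannot change the query.
' The original also created an ADODB.Connection into rs and then immediately
' overwrote it; that unused object is no longer created.
Dim loginCmd, loginHash
' NOTE(review): confirm encrypt() is a salted one-way password hash and not a
' reversible encoding.
loginHash = encrypt(pwd) & ""
Set loginCmd = Server.CreateObject("ADODB.Command")
Set loginCmd.ActiveConnection = conn
loginCmd.CommandType = 1 ' adCmdText
loginCmd.CommandText = "select * from Manage_User where UserName=? And PassWord=?"
' 202 = adVarWChar, 1 = adParamInput. Size is Len + 1 so an empty value still
' gets a non-zero size.
loginCmd.Parameters.Append loginCmd.CreateParameter("name", 202, 1, Len(name) + 1, name)
loginCmd.Parameters.Append loginCmd.CreateParameter("pwd", 202, 1, Len(loginHash) + 1, loginHash)
Set rs = loginCmd.Execute

If Not rs.EOF Then
    Session("Name") = rs("UserName")
    ' NOTE(review): this copies the stored PassWord value into session state.
    ' Kept because other pages may read Session("pwd"); prefer a plain
    ' "logged in" flag once those pages are checked.
    Session("pwd") = rs("PassWord")
    Response.Redirect("Manage.asp")
Else
    ' Same generic message for a wrong name or a wrong password. The stray ">"
    ' after </script> in the original was written into the page and is removed.
    Response.Write "<script language='javascript'>window.confirm('密码或用户错误')</script>"
    Response.Write "<script language='javascript'>parent.window.history.go(-1);</script>"
End If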
end if
%>
改成这样看看效果
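' Login handler: screens the posted form fields, then checks the submitted
' name/password against the Manage_User table and fills the session on a match.
' No password is hard-coded here: the submitted value is passed through
' encrypt() and compared with the PassWord column of Manage_User.
' conn and encrypt() are not defined in this snippet; presumably they come
' from an include file -- confirm. The "end if" that follows this block closes
' an If that is opened outside the snippet.

' Keyword blacklist kept from the original. A blacklist is not a dependable
' SQL-injection defence, and it also rejects legitimate input (for example a
' password containing "*" or the letters "and"). The parameterised query
' further down is what keeps form data out of the SQL text.
SQL_injdata = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = Split(SQL_injdata, "|")
If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
        For SQL_Data = 0 To UBound(SQL_inj)
            If InStr(LCase(Request.Form(Sql_Post)), SQL_inj(SQL_Data)) > 0 Then
                Response.Write "输入非法"
                Response.End
            End If
        Next
    Next
End If

' & "" coerces a missing field to an empty string so it can be bound below.
pwd = Request.Form("pwd") & ""
name = Request.Form("name") & ""

' Bind the credentials as parameters instead of concatenating them into the
' statement, so quoting in the input cannot change the query.
' The original also created an ADODB.Connection into rs and then immediately
' overwrote it; that unused object is no longer created.
Dim loginCmd, loginHash
' NOTE(review): confirm encrypt() is a salted one-way password hash and not a
' reversible encoding.
loginHash = encrypt(pwd) & ""
Set loginCmd = Server.CreateObject("ADODB.Command")
Set loginCmd.ActiveConnection = conn
loginCmd.CommandType = 1 ' adCmdText
loginCmd.CommandText = "select * from Manage_User where UserName=? And PassWord=?"
' 202 = adVarWChar, 1 = adParamInput. Size is Len + 1 so an empty value still
' gets a non-zero size.
loginCmd.Parameters.Append loginCmd.CreateParameter("name", 202, 1, Len(name) + 1, name)
loginCmd.Parameters.Append loginCmd.CreateParameter("pwd", 202, 1, Len(loginHash) + 1, loginHash)
Set rs = loginCmd.Execute

If Not rs.EOF Then
    Session("Name") = rs("UserName")
    ' NOTE(review): this copies the stored PassWord value into session state.
    ' Kept because other pages may read Session("pwd"); prefer a plain
    ' "logged in" flag once those pages are checked.
    Session("pwd") = rs("PassWord")
    Response.Redirect("Manage.asp")
Else
    ' Same generic message for a wrong name or a wrong password. The stray ">"
    ' after </script> in the original was written into the page and is removed.
    Response.Write "<script language='javascript'>window.confirm('密码或用户错误')</script>"
    Response.Write "<script language='javascript'>parent.window.history.go(-1);</script>"
End If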
end if
%>
改成这样看看效果