Security issues with ASP receiving forms

Updated on technology 2024-05-26
12 answers
  1. Anonymous users2024-02-11

    That's right, the biggest problem is SQL injection. If you're not strong enough, someone else can construct pseudo-SQL to attack your database or take control of your administrative privileges. So you have to write a filter function for special characters yourself and apply it every time you receive the form, so that it is foolproof. Of course, you can Hi me.

    In this case, you only need to construct a special username and password based on SQL, such as BEN' or '1'='1

    You can go to pages that you don't have privileges for. Let's take a look at the above statement

    In this way, the program will become like this.

    or is a logical operator that tests two conditions; if one of the conditions is true, the expression holds. In the language, 1 is used to represent true. So in this statement, the original "and" verification no longer continues; instead, "1=1" together with "or" makes the statement return true.

    Of course, there are many such examples, but I'm just briefly explaining the general meaning of SQL vulnerabilities here! Hope it helps.
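
The bypass described in the answer above, next to the parameter-binding fix, as an added example that is not part of the original thread. It uses Python with an in-memory SQLite database so it runs without an ASP server; the table, function names and stored password are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    # Plaintext password only to keep the demo short; real tables hold a hash.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('BEN', 'correct-horse')")
    return db


def build_concat_sql(username, password):
    """Paste form values between quotes, as string-built login queries do."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_concat(db, username, password):
    """Vulnerable: the submitted values become part of the SQL text."""
    sql = build_concat_sql(username, password)
    return db.execute(sql).fetchone() is not None


def login_param(db, username, password):
    """Hardened: values are bound as parameters and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "BEN' or '1'='1"  # the value quoted in the answer above
    # AND binds tighter than OR, so the trailing  or '1'='1'  is true for every row.
    print(build_concat_sql(crafted, crafted))
    print("concatenated query accepts crafted input:", login_concat(db, crafted, crafted))
    print("parameterized query accepts crafted input:", login_param(db, crafted, crafted))
    print("parameterized query accepts real login:", login_param(db, "BEN", "correct-horse"))
```

With bound parameters the quote characters in the submitted value are compared as data, so no special-character filter is needed for the query to stay intact.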

  2. Anonymous users2024-02-10

    The name of the text box is name="wenbenname". The form has an action, set as action="". If it is this page, the page receives itself; if not, it is the page that receives. Then write the receiving statement in it: <%a=request("wenbenname")%>. Then this a is the value of the text box that you want to receive!

  3. Anonymous users2024-02-09

    There are two scenarios to consider here. This is not true because most users are ASP and collectively referred to as ASP, which are two completely different development languages.

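    For ASP, if the form is received by ASP, it is read directly in the handler.

    For the post submission method, use request.form("The name of the form") to receive.

    For the get submission method, use request.querystring("The name of the form") to receive.

    For example:

    dim name
    name = request.form("name")

    or name = request.querystring("name")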

    For receiving, you also need to consider whether to use the normal HTML method or the server control method.

    If it's html, then it's pretty much the same as ASP. It's basically the same.

    If you are using server controls. Then you can receive it directly, you can use the request object directly, for example, you can directly use string name = in the event where you can submit a button.

  4. Anonymous users2024-02-08

    First of all, your checkbox is output to the web page with a loop, so the name is different, when you receive it.

    Table name, conn, 1, 1

    sql="delet from the table name.

    That's the general idea of the SQL. As for the feasibility, I haven't tried it in bulk, it's inevitable that there are no big holes, or syntax errors, so I'm sorry.

  5. Anonymous users2024-02-07

    type="checkbox"> this way of writing should be wrong, and I don't know what function you want to achieve.

  6. Anonymous users2024-02-06

    The value of the name form is empty.

    action=".asp" The form is imported into the .asp page.

    onsubmit="" When type=submit is clicked on the form, the content is activated.

  7. Anonymous users2024-02-05

    Generally speaking, not to mention that it is not safe, most people are like this.

    If you want to hide, you can only use js.

    action=""

    button submit onclick=""

    In this way, the source code cannot be viewed, and the link is not displayed, but those who want to view it can still see it.

  8. Anonymous users2024-02-04

    The user submits the form to the .asp file. The server operates according to the code in the .asp file and returns information to the user's browser when the operation is complete.

  9. Anonymous users2024-02-03

    You've got a little bit of a problem.

    There is a problem with your third file: rs("user")="zhanghao"

    Here "zhanghao" is a constant that you defined casually; you are not receiving the value from the form on the page. Receive the value: zhanghao=trim(request("zhanghao")). Add the value: rs("admin")=zhanghao. I sorted out your code for you; you can just copy it.

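    dim rs
    dim sql
    dim count
    ' create the recordset object
    set rs=server.createobject("adodb.recordset")
    sql = "select * from admin"
    ' cursor type 1 (keyset), lock type 3 (optimistic), so the recordset can be written to
    rs.open sql,conn,1,3
    rs.addnew
    ' take the value from the submitted form instead of the constant "zhanghao"
    rs("user")=trim(request("zhanghao"))
    rs.update
    rs.close
    set rs=nothing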

  10. Anonymous users2024-02-02

    The third file:

    rs("user")="zhanghao" 'In this case, the request method should be used to get the passed value.

    Change it to rs("user")=request("zhanghao"). If it is data that comes from a post, it is obtained with the request.form method; if it's a get, use the request.querystring method to get the data.

    For example: request.form("zhanghao")

    Another possibility is that your primary key is set to this user, and the primary key cannot be duplicated.

  11. Anonymous users2024-02-01

    The data in quotation marks is regarded as a string, and you submit it to the table only to submit the letters zhanghao, and if you want to submit the data of the form, you need to use the request object to get the value of the form name.

    trim(request("zhanghao")): trim means to remove the spaces at both ends.

  12. Anonymous users2024-01-31

    It's not that complicated.

    Only one place to change.

    Change rs("user")="zhanghao"

    to rs("user")=trim(request("zhanghao"))

    You're guaranteed to get it done.
