28,391
社区成员
发帖
与我相关
我的任务
分享
<%
dim user,pass,question,answer,rs,sql
user=trim(request.form("user"))
pass=request.form("pass")
question=request.form("question")
answer=request.form("answer")
set rs=server.CreateObject ("adodb.recordset")
sql="select * from bbr where user='"&replace(user,"'","''")&"'" '不处理,可能会被注入
rs.open sql,conn,1,3
if not rs.eof then
response.write" <SCRIPT language=JavaScript>alert('该户名已经存在,请重新填写用户名。');history.go(-1);</script>"
else
rs.addnew
rs("user")=user
rs("pass")=pass
rs("question")=question
rs("answer")=answer
rs.update
response.write" <SCRIPT language=JavaScript>alert('恭喜您!成为"&WebName&"的会员,请登录!');window.location.href='login.asp'; </SCRIPT>"
end if
rs.close
set rs=noting
conn.close
set conn=nothing
%>