一个简单的 循环修改1/0 的 代码 怎么老不成功,恳请高手啊!

madnesser 2009-08-17 05:08:15
下面是点击文章未审 和 已审 之间切换的代码 : 我点击时候 点击未审的(Talers("shixiao")=0)可以变成已审(Talers("shixiao")=1) 可是我点击已审却无法改变! 这里漏洞在那里啊????


<%
Call DoNoIpLock
Operate=Trim(Request("operate"))
If Operate="del" Then
DelLock
ElseIf Operate="save" Then
Call SaveLock
ElseIf Operate="shenhe" Then
Call shenhelock()
Else
Call LockList
End if
Response.Write "</table>"

Sub Locklist
Set Talers=Conn.ExeCute("Select * from IpLock order by iplock")
If Not Talers.Eof Then
i=0
%>


<%
Response.Write "<a href='m1l1ip.Asp?operate=shenhe&ipid="&Talers("ipid")&"'>"
If Talers("shixiao")=0 Then
Response.Write "<font color=red>未审</font>"
Else
Response.Write "已审"
End If
Response.Write "</a>" %>



<%
sub shenhelock()
ipid=request("ipid")
shixiao=request("shixiao")
If shixiao=1 then
shixiao=0
else
shixiao=1
End if
set Talers=conn.execute("Update IpLock set shixiao="&shixiao&" Where ipid="&ipid&"")
Response.Redirect "m1l1ip.Asp"
end sub
%>
...全文
68 点赞 收藏 7
写回复
7 条回复
切换为时间正序
请发表友善的回复…
发表回复
anjing5566 2009-08-17
呵呵,遇到问题,建议把sql写出来,这样就好分析原因了,上面解答的很详细了,lz自己看吧

回复
Y_Leopard 2009-08-17
UP
回复
王者coco 2009-08-17
up
回复
lzp4881 2009-08-17
<%
Call DoNoIpLock
Operate=Trim(Request("operate"))
If Operate="del" Then
DelLock
ElseIf Operate="save" Then
Call SaveLock
ElseIf Operate="shenhe" Then
Call shenhelock()
Else
Call LockList
End if
Response.Write " </table>"

Sub Locklist
Set Talers=Conn.ExeCute("Select * from IpLock order by iplock")
If Not Talers.Eof Then
i=0
%>


<%
Response.Write " <a href='m1l1ip.Asp?operate=shenhe&ipid="&Talers("ipid")&"'>"
If Talers("shixiao")=0 Then
Response.Write " <font color=red>未审 </font>"
Else
Response.Write "已审"
End If
Response.Write " </a>" %>
这里差一个end sub

<%
sub shenhelock()
ipid=request("ipid")
shixiao=request("shixiao")
If shixiao=1 then
shixiao=0
else
shixiao=1
End if
set Talers=conn.execute("Update IpLock set shixiao="&shixiao&" Where ipid="&ipid&"")
Response.Redirect "m1l1ip.Asp"
end sub
%>
回复
xxwood 2009-08-17
顶1楼
回复
jiewenxu 2009-08-17

<%
Call DoNoIpLock
Operate=Trim(Request.QueryString("operate"))
If Operate="del" Then
Call DelLock '这里漏掉Call,会引起脚本错误
ElseIf Operate="save" Then
Call SaveLock
ElseIf Operate="shenhe" Then
Call shenhelock()
Else
Call LockList
End if
Response.Write " </table>"

Sub Locklist
Set Talers=Conn.ExeCute("Select * from IpLock order by iplock")
If Not Talers.Eof Then
i=0
%>


<%
Response.Write " <a href='m1l1ip.Asp?operate=shenhe&ipid="&Talers("ipid")& "&shixiao="& Talers("shixiao") &"'>"
If Talers("shixiao")=0 Then
Response.Write " <font color=red>未审 </font>"
Else
Response.Write "已审"
End If
Response.Write " </a>" %>


<%
sub shenhelock()
ipid=CLng(request.QueryString("ipid")) '注意防注入
shixiao=CInt(request.QueryString("shixiao")) '你原来的地址中没有包含shixiao这个参数
If shixiao=1 then
shixiao=0
else
shixiao=1
End if
set Talers=conn.execute("Update IpLock set shixiao="&shixiao&" Where ipid="&ipid&"")
Response.Redirect "m1l1ip.Asp"
end sub
%>
回复
wansai00 2009-08-17
1,0的切换 使用这个方法

减一后的绝对值 Abs(n - 1)
update table set filed = abs(fields - 1) where ....

http://www.hn5000.com/program/view/no30.html
回复
发动态
发帖子
ASP
创建于2007-09-28

2.8w+

社区成员

ASP即Active Server Pages,是Microsoft公司开发的服务器端脚本环境。
申请成为版主
社区公告
暂无公告