28,409
社区成员
发帖
与我相关
我的任务
分享这个出错怎么解决
<%set rs=server.Createobject("adodb.recordset")
sql="select * from user where username="&username&""
rs.Open sql,conn,3,3
if not rs.eof then
if trim("password")=trim(rs("password")) then
response.write"<br><br><br><center>欢迎你 <font color=blue> "&username&" </font>,你的密码是<font
color=red> "&password&" </font> ,你已经成功登录系统,可以正常使用"
else
Response.write"<script>alert('请检查你选择的用户名和输入的密码是否正确!
',history.back())</script>"
end if
end if
%>
不管怎么样都能登陆,
sql="select * from user where username="&username&""
rs.Open sql,conn,3,3
if not rs.eof then
if trim("password")=trim(rs("password")) then
response.write"<br><br><br><center>欢迎你 <font color=blue> "&username&" </font>,你的密码是<font
color=red> "&password&" </font> ,你已经成功登录系统,可以正常使用"
else
Response.write"<script>alert('请检查你选择的用户名和输入的密码是否正确!
',history.back())</script>"
end if
end if
%>
不管怎么样都能登陆,
...全文
请发表友善的回复…
发表回复
guokai1217 2004-04-01
- 打赏
- 举报
注意以下过滤特殊的字段.否则漏洞好象明显了一些.很不安全.
<%
Function Deal(exp1)
dim exp2
exp2=Replace(exp1,"<","<")
exp2=Replace(exp2,">",">")
exp2=Replace(exp2,"'","''")
exp2=Replace(exp2,Chr(13),"<br>")
Deal=exp2
End Function
%>
用
name=Deal(name)过滤一下吧.
密码也一样.最好加个密再存,再验证.
<%
Function Deal(exp1)
dim exp2
exp2=Replace(exp1,"<","<")
exp2=Replace(exp2,">",">")
exp2=Replace(exp2,"'","''")
exp2=Replace(exp2,Chr(13),"<br>")
Deal=exp2
End Function
%>
用
name=Deal(name)过滤一下吧.
密码也一样.最好加个密再存,再验证.
possible_Y 2004-04-01
- 打赏
- 举报
if trim(password)=trim(rs("password")) then '不是trim("password")
上面写错了点
上面写错了点
possible_Y 2004-04-01
- 打赏
- 举报
sql="select * from user where username='"&username&"'"
rs.Open sql,conn,3,3
if not rs.eof then
if rs("password")=trim(rs("password")) then '不是trim("password")
rs.Open sql,conn,3,3
if not rs.eof then
if rs("password")=trim(rs("password")) then '不是trim("password")
pizixt 2004-04-01
- 打赏
- 举报
<%
set rs=server.Createobject("adodb.recordset")
password=trim(password)
sql="select * from [user] where username='"&username&"' and password='"&password&"'"
rs.Open sql,conn,1,1
if not rs.eof then
response.write "<br><br><br><center>欢迎你 <font color=blue> "&username&" </font>,你的密码是<font color=red> "&password&" </font> ,你已经成功登录系统,可以正常使用"
else
response.write "<script language=javascript>alert('请检查你选择的用户名和输入的密码是否正确!';history.back()</script>"
end if
%>
set rs=server.Createobject("adodb.recordset")
password=trim(password)
sql="select * from [user] where username='"&username&"' and password='"&password&"'"
rs.Open sql,conn,1,1
if not rs.eof then
response.write "<br><br><br><center>欢迎你 <font color=blue> "&username&" </font>,你的密码是<font color=red> "&password&" </font> ,你已经成功登录系统,可以正常使用"
else
response.write "<script language=javascript>alert('请检查你选择的用户名和输入的密码是否正确!';history.back()</script>"
end if
%>
飞扬残月 2004-04-01
- 打赏
- 举报
现在是不管怎么样都不能登陆
stefli 2004-04-01
- 打赏
- 举报
sql="select * from [user] where username='"&username&"'"
