7,763
社区成员
发帖
与我相关
我的任务
分享简单问题:密码修改问题
输入用户名:text1
旧密码:text2
新密码:text3
确定密码:text4
数据库是aa,表是bb,
字段:卡号、密码
Public Cnn As New ADODB.Connection
Public MyRs As New ADODB.Recordset
代码怎么写这里
旧密码:text2
新密码:text3
确定密码:text4
数据库是aa,表是bb,
字段:卡号、密码
Public Cnn As New ADODB.Connection
Public MyRs As New ADODB.Recordset
代码怎么写这里
...全文
请发表友善的回复…
发表回复
饮水需思源 2004-05-04
- 打赏
- 举报
常见的注入攻击就是有密码输入框 中输入:test ' or 1=1 '--
在SQL语句中就变成成:select * from tablename where cpassword='test' or 1=1'
了,也就是说条件永远成立了
在SQL语句中就变成成:select * from tablename where cpassword='test' or 1=1'
了,也就是说条件永远成立了
Agelboy 2004-05-04
- 打赏
- 举报
谢谢各位~
非常感谢
非常感谢
flyingscv 2004-05-04
- 打赏
- 举报
密码和用户名限制为普通字母或数字就好了
Agelboy 2004-05-04
- 打赏
- 举报
我知道用adodc写的,直接用sql老是出错,才问问的
tangxiaosan001 2004-05-04
- 打赏
- 举报
老兄,你是初学的吧,不如看看书咯。
这里的高手都只给程序,但是不看书也难啊。
这里的高手都只给程序,但是不看书也难啊。
goodname008 2004-05-04
- 打赏
- 举报
主要就是注意 ' 和 -- 这两个东西。 :)
我觉得,该判断要判断,该过滤要过滤。
我觉得,该判断要判断,该过滤要过滤。
daisy8675 2004-05-04
- 打赏
- 举报
注入攻擊?這個詞語沒有聽過。leftie來講講
饮水需思源 2004-05-04
- 打赏
- 举报
如果直接将输入的密码在SQL语句中判断,会可能发生SQL注入攻击,我个人认为还是将密码从数据库中读出,然后再比较是否一致合适
daisy8675 2004-05-04
- 打赏
- 举报
Option Explicit
Public rs As New ADODB.Recordset
Public conn As New ADODB.Connection
Private Sub Command1_Click()
If Text1.Text = "" Then
MsgBox "用戶名稱不能為空"
Text1.SetFocus
Exit Sub
End If
If rs.State <> adStateClosed Then rs.Close
rs.Open "Select * from bb where Name='" & Text1.Text & "'", conn, 3, 3
If rs.RecordCount = 0 Then
MsgBox "沒有此用戶名稱"
Text1.Text = ""
Text1.SetFocus
Exit Sub
End If
If rs.State <> adStateClosed Then rs.Close
rs.Open "Select * from bb where password='" & Text2.Text & "'", conn, 3, 3
If rs.RecordCount = 0 Then
MsgBox "你的密碼和原來的密碼不對,請重新輸入 !"
Text2.Text = ""
Text2.SetFocus
Exit Sub
End If
If Text3.Text <> Text4.Text Then
MsgBox "新的密碼兩次輸入不一置,請重新進行設置!"
Text3.Text = ""
Text4.Text = ""
Text3.SetFocus
Exit Sub
End If
conn.Execute "Update bb set [Password]='" & Text3.Text & "' where name='" & Text1.Text & "'"
MsgBox "密碼修改成功"
Unload Me
End Sub
Private Sub Form_Load()
Dim strconn As String
strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & App.Path & "\aa.mdb;Persist Security Info=False"
conn.CursorLocation = adUseClient
conn.Open strconn
End Sub
Private Sub Form_Unload(Cancel As Integer)
If rs.State <> 0 Then rs.Close
Set rs = Nothing
Set conn = Nothing
Set Form1 = Nothing
End Sub
Public rs As New ADODB.Recordset
Public conn As New ADODB.Connection
Private Sub Command1_Click()
If Text1.Text = "" Then
MsgBox "用戶名稱不能為空"
Text1.SetFocus
Exit Sub
End If
If rs.State <> adStateClosed Then rs.Close
rs.Open "Select * from bb where Name='" & Text1.Text & "'", conn, 3, 3
If rs.RecordCount = 0 Then
MsgBox "沒有此用戶名稱"
Text1.Text = ""
Text1.SetFocus
Exit Sub
End If
If rs.State <> adStateClosed Then rs.Close
rs.Open "Select * from bb where password='" & Text2.Text & "'", conn, 3, 3
If rs.RecordCount = 0 Then
MsgBox "你的密碼和原來的密碼不對,請重新輸入 !"
Text2.Text = ""
Text2.SetFocus
Exit Sub
End If
If Text3.Text <> Text4.Text Then
MsgBox "新的密碼兩次輸入不一置,請重新進行設置!"
Text3.Text = ""
Text4.Text = ""
Text3.SetFocus
Exit Sub
End If
conn.Execute "Update bb set [Password]='" & Text3.Text & "' where name='" & Text1.Text & "'"
MsgBox "密碼修改成功"
Unload Me
End Sub
Private Sub Form_Load()
Dim strconn As String
strconn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & App.Path & "\aa.mdb;Persist Security Info=False"
conn.CursorLocation = adUseClient
conn.Open strconn
End Sub
Private Sub Form_Unload(Cancel As Integer)
If rs.State <> 0 Then rs.Close
Set rs = Nothing
Set conn = Nothing
Set Form1 = Nothing
End Sub
饮水需思源 2004-05-04
- 打赏
- 举报
private sub cmdeditpwd()
dim strsql as string
if trim(text3.text)<>trim(text4.text) then
msgbox "两次新密码输入不一致,请重新输入!",48,"提示"
exit sub
end if
strsql=" select 卡号,密码 from bb where 卡号='"& trim(text1.text) &"'"
if myrs.staste=adstateopen then myrs.close
myrs.open strsql,cnn,adopenkeyset,adlockreadonly
if myrs.recordcount=0 then
msgbox "输入的用户名不存在,请重新输入!",48,"提示"
myrs.close
exit sub
else
if not (isnull(myrs!密码) or myrs!密码="") then
if myrs!密码<>trim(text2.text) then
msgbox "输入的密码不正确,请重新输入!",48,"提示"
exit sub
myrs.close
end if
else
if trim(text2.text)<>"" then '表中没密码而登录时输入了密码
msgbox "输入的密码不正确,请重新输入!",48,"提示"
myrs.close
exit sub
end if
end if
'修改新密码
strsql=" update bb set 密码='"& trim(text3.text) &"' where 卡号='"& myrs!卡号 &"'"
cnn.execute strsql
msgbox "密码修改成功!",vbinformation,"提示"
end if
end sub
dim strsql as string
if trim(text3.text)<>trim(text4.text) then
msgbox "两次新密码输入不一致,请重新输入!",48,"提示"
exit sub
end if
strsql=" select 卡号,密码 from bb where 卡号='"& trim(text1.text) &"'"
if myrs.staste=adstateopen then myrs.close
myrs.open strsql,cnn,adopenkeyset,adlockreadonly
if myrs.recordcount=0 then
msgbox "输入的用户名不存在,请重新输入!",48,"提示"
myrs.close
exit sub
else
if not (isnull(myrs!密码) or myrs!密码="") then
if myrs!密码<>trim(text2.text) then
msgbox "输入的密码不正确,请重新输入!",48,"提示"
exit sub
myrs.close
end if
else
if trim(text2.text)<>"" then '表中没密码而登录时输入了密码
msgbox "输入的密码不正确,请重新输入!",48,"提示"
myrs.close
exit sub
end if
end if
'修改新密码
strsql=" update bb set 密码='"& trim(text3.text) &"' where 卡号='"& myrs!卡号 &"'"
cnn.execute strsql
msgbox "密码修改成功!",vbinformation,"提示"
end if
end sub
yenight 2004-05-04
- 打赏
- 举报
什么样的数据源
mdb ?? SQL Server
mdb ?? SQL Server
