28,406
社区成员
发帖
与我相关
我的任务
分享怎么我做了注册验证还是有用户名为空的注册成功?
我使用自己的一个表来存储用户注册信息,然后用一个视图来供动网的论坛使用,我在注册的页面已经进行了相关信息的注册验证,比如用户名不能为空,长度不能多于20位,小于4位,必须填写电子邮件等,但是最近总是有用户名为空的却能注册成功,我不知道是怎么回事,请高手指点一下。用户注册时的验证程序如下:
<script language="JavaScript">
<!--
function isEmpty(s)
{
return ((s == null) || (s.length == 0))
}
function isWhitespace (s)
{
var whitespace = " \t\n\r";
var i;
// 以下代码判断是否有空字符
for (i = 0; i < s.length; i++)
{
var c = s.charAt(i);
if (whitespace.indexOf(c) >= 0)
{
return true;
}
}
return false;
}
function isCharsInBag (s, bag)
{
var i;
for (i = 0; i < s.length; i++)
{
var c = s.charAt(i);
if (bag.indexOf(c) == -1) return false;
}
return true;
}
function isEmail (s)
{
//判断Email是否为空
if (isEmpty(s))
{
window.alert("输入的E-mail地址不能为空,请输入!";
return false;
}
//判断Email中是否包含空格
if (isWhitespace(s))
{
window.alert("输入的E-mail地址中不能包含空格符,请重新输入!";
return false;
}
//判断Email地址长度
var i = 1;
var len = s.length;
if (len > 50)
{
window.alert("Email地址长度不能超过50位!";
return false;
}
pos1 = s.indexOf("@";
pos2 = s.indexOf(".";
pos3 = s.lastIndexOf("@";
pos4 = s.lastIndexOf(".";
//判断Email地址中是否包含符号 "@"
if ((pos1 <= 0)||(pos1 == len)||(pos2 <= 0)||(pos2 == len))
{
window.alert("请输入有效的E-mail地址!";
return false;
}
else
{
if( (pos1 == pos2 - 1) || (pos1 == pos2 + 1)
|| ( pos1 != pos3 ) //find two @
|| ( pos4 < pos3 ) ) //. should behind the "@"
{
window.alert("请输入有效的E-mail地址!";
return false;
}
}
if ( !isCharsInBag( s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_@")
{
window.alert("email地址中只能包含字符ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_@\n" + "请重新输入" );
return false;
}
//判断是否包含有效的字符
/*
var badChar = "><,[]{}?/+=|\\"\":;!#$%^&()`";
if ( isCharsInBag( s, badChar))
{
alert("请不要在email地址中输入字符 " + badChar + "\n" );
alert("请重新输入" );
return false;
}
*/
return true;
}
function checkdata() {
if (document.form1.us01.value.length=="" {
window.alert ("请填写帐号 !"
return false
}
if (document.form1.us01.value.length<4) {
window.alert ("您的帐号不能小于4位 !"
return false
}
if (document.form1.pass01.value.length=="" {
window.alert ("请填写密码 !"
return false
}
if (document.form1.pass01.value.length<4) {
window.alert ("您的密码不能小于4位 !"
return false
}
if (document.form1.ques.value.length=="" {
window.alert ("请填写密码提示问题 !"
return false
}
if (document.form1.ques.value.length<4) {
window.alert ("密码提示问题长度不能小于4位 !"
return false
}
if (document.form1.answ.value.length=="" {
window.alert ("请填写密码提示答案 !"
return false
}
if (document.form1.answ.value.length<4) {
window.alert ("密码提示答案长度不能小于4位 !"
return false
}
if ( !isEmail(document.form1.email.value) )
return false
if (document.form1.email.value=="" {
window.alert ("请输入您的E-mail地址 !"
return false
}
if (document.form1.email.value.length>50) {
window.alert ("您的E-mail必须小于50位 !"
return false
}
return true
}
//-->
</script>
<form name="form1" method="post" action="save.asp" onsubmit="return checkdata()">
save.asp的代码如下:
<%
if(request.form("us01" <> "" then adduser__varname1 = request.form("us01"
if(md5(request.form("pass01",32) <> "" then adduser__varpass1 = md5(request.form("pass01",32)
if(request.form("ques" <> "" then adduser__varques1 = request.form("ques"
if(md5(request.form("answ",32) <> "" then adduser__varansw1 = md5(request.form("answ",32)
if(request.form("email" <> "" then adduser__varemail1 = request.form("email"
if(request.form("ifgetmail" <> "" then adduser__varget = request.form("ifgetmail"
if(request.form("com01" <> "" then adduser__varcomp = request.form("com01"
if(request.form("fr01" <> "" then adduser__varfr = request.form("fr01"
if(request.form("card01" <> "" then adduser__varcard = request.form("card01"
if(request.form("xz01" <> "" then adduser__varxz = request.form("xz01"
if(request.form("gm01" <> "" then adduser__vargm = request.form("gm01"
if(request.form("zj01" <> "" then adduser__varzj = request.form("zj01"
if(request.form("jj01" <> "" then adduser__varjj = request.form("jj01"
if(request.form("ur1" <> "" then adduser__varur = request.form("ur1"
if(request.form("province" <> "" then adduser__varpro = request.form("province"
if(request.form("city" <> "" then adduser__varcity = request.form("city"
if(request.form("add01" <> "" then adduser__varadd = request.form("add01"
if(request.form("zip01" <> "" then adduser__varzip = request.form("zip01"
if(request.form("per01" <> "" then adduser__varper = request.form("per01"
if(request.form("sex01" <> "" then adduser__varsex = request.form("sex01"
if(request.form("xl01" <> "" then adduser__varxl = request.form("xl01"
if(request.form("bm01" <> "" then adduser__varbm = request.form("bm01"
if(request.form("zw01" <> "" then adduser__varzw = request.form("zw01"
if(request.form("bir01" <> "" then adduser__varbirth = request.form("bir01"
if(request.form("pho01" <> "" then adduser__varphone = request.form("pho01"
if(request.form("mob01" <> "" then adduser__varmob = request.form("mob01"
if(request.form("fax01" <> "" then adduser__varfax = request.form("fax01"
if(request.form("ifcomp" <> "" then adduser__varifcomp = request.form("ifcomp"
%>
<%
if(request.form("us01" <> "" then adduser1__varname2 = request.form("us01"
if(md5(request.form("pass01",16) <> "" then adduser1__varpass2 = md5(request.form("pass01",16)
if(request.form("email" <> "" then adduser1__varemail2 = request.form("email"
if(request.form("ques" <> "" then adduser1__varques2 = request.form("ques"
if(md5(request.form("answ",16) <> "" then adduser1__varansw2 = md5(request.form("answ",16)
if(request.form("ip" <> "" then adduser1__varip = request.form("ip"
%>
<%
set adduser = Server.CreateObject("ADODB.Command"
adduser.ActiveConnection = MM_wuliu_STRING
adduser.CommandText = "INSERT INTO t_company (username,password,passques,passansw,email,ifgetmail,company,faren,card,xingzhi,guimo,zijin,jianjie,url,province,city,address,zipcode,person,sex,xueli,bumen,zhiwei,birth,phone,mobile,fax,ifcomp) VALUES ('" + Replace(adduser__varname1, "'", "''" + "','" + Replace(adduser__varpass1, "'", "''" + "','" + Replace(adduser__varques1, "'", "''" + "','" + Replace(adduser__varansw1, "'", "''" + "','" + Replace(adduser__varemail1, "'", "''" + "','" + Replace(adduser__varget, "'", "''" + "','" + Replace(adduser__varcomp, "'", "''" + "','" + Replace(adduser__varfr, "'", "''" + "','" + Replace(adduser__varcard, "'", "''" + "','" + Replace(adduser__varxz, "'", "''" + "','" + Replace(adduser__vargm, "'", "''" + "','" + Replace(adduser__varzj, "'", "''" + "','" + Replace(adduser__varjj, "'", "''" + "','" + Replace(adduser__varur, "'", "''" + "','" + Replace(adduser__varpro, "'", "''" + "','" + Replace(adduser__varcity, "'", "''" + "','" + Replace(adduser__varadd, "'", "''" + "','" + Replace(adduser__varzip, "'", "''" + "','" + Replace(adduser__varper, "'", "''" + "','" + Replace(adduser__varsex, "'", "''" + "','" + Replace(adduser__varxl, "'", "''" + "','" + Replace(adduser__varbm, "'", "''" + "','" + Replace(adduser__varzw, "'", "''" + "','" + Replace(adduser__varbirth, "'", "''" + "','" + Replace(adduser__varphone, "'", "''" + "','" + Replace(adduser__varmob, "'", "''" + "','" + Replace(adduser__varfax, "'", "''" + "','" + Replace(adduser__varifcomp, "'", "''" + "') "
adduser.CommandType = 1
adduser.CommandTimeout = 0
adduser.Prepared = true
adduser.Execute()
%>
请高手指点,这个问题太要命了。
<script language="JavaScript">
<!--
function isEmpty(s)
{
return ((s == null) || (s.length == 0))
}
function isWhitespace (s)
{
var whitespace = " \t\n\r";
var i;
// 以下代码判断是否有空字符
for (i = 0; i < s.length; i++)
{
var c = s.charAt(i);
if (whitespace.indexOf(c) >= 0)
{
return true;
}
}
return false;
}
function isCharsInBag (s, bag)
{
var i;
for (i = 0; i < s.length; i++)
{
var c = s.charAt(i);
if (bag.indexOf(c) == -1) return false;
}
return true;
}
function isEmail (s)
{
//判断Email是否为空
if (isEmpty(s))
{
window.alert("输入的E-mail地址不能为空,请输入!";
return false;
}
//判断Email中是否包含空格
if (isWhitespace(s))
{
window.alert("输入的E-mail地址中不能包含空格符,请重新输入!";
return false;
}
//判断Email地址长度
var i = 1;
var len = s.length;
if (len > 50)
{
window.alert("Email地址长度不能超过50位!";
return false;
}
pos1 = s.indexOf("@";
pos2 = s.indexOf(".";
pos3 = s.lastIndexOf("@";
pos4 = s.lastIndexOf(".";
//判断Email地址中是否包含符号 "@"
if ((pos1 <= 0)||(pos1 == len)||(pos2 <= 0)||(pos2 == len))
{
window.alert("请输入有效的E-mail地址!";
return false;
}
else
{
if( (pos1 == pos2 - 1) || (pos1 == pos2 + 1)
|| ( pos1 != pos3 ) //find two @
|| ( pos4 < pos3 ) ) //. should behind the "@"
{
window.alert("请输入有效的E-mail地址!";
return false;
}
}
if ( !isCharsInBag( s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_@")
{
window.alert("email地址中只能包含字符ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.-_@\n" + "请重新输入" );
return false;
}
//判断是否包含有效的字符
/*
var badChar = "><,[]{}?/+=|\\"\":;!#$%^&()`";
if ( isCharsInBag( s, badChar))
{
alert("请不要在email地址中输入字符 " + badChar + "\n" );
alert("请重新输入" );
return false;
}
*/
return true;
}
function checkdata() {
if (document.form1.us01.value.length=="" {
window.alert ("请填写帐号 !"
return false
}
if (document.form1.us01.value.length<4) {
window.alert ("您的帐号不能小于4位 !"
return false
}
if (document.form1.pass01.value.length=="" {
window.alert ("请填写密码 !"
return false
}
if (document.form1.pass01.value.length<4) {
window.alert ("您的密码不能小于4位 !"
return false
}
if (document.form1.ques.value.length=="" {
window.alert ("请填写密码提示问题 !"
return false
}
if (document.form1.ques.value.length<4) {
window.alert ("密码提示问题长度不能小于4位 !"
return false
}
if (document.form1.answ.value.length=="" {
window.alert ("请填写密码提示答案 !"
return false
}
if (document.form1.answ.value.length<4) {
window.alert ("密码提示答案长度不能小于4位 !"
return false
}
if ( !isEmail(document.form1.email.value) )
return false
if (document.form1.email.value=="" {
window.alert ("请输入您的E-mail地址 !"
return false
}
if (document.form1.email.value.length>50) {
window.alert ("您的E-mail必须小于50位 !"
return false
}
return true
}
//-->
</script>
<form name="form1" method="post" action="save.asp" onsubmit="return checkdata()">
save.asp的代码如下:
<%
if(request.form("us01" <> "" then adduser__varname1 = request.form("us01"
if(md5(request.form("pass01",32) <> "" then adduser__varpass1 = md5(request.form("pass01",32)
if(request.form("ques" <> "" then adduser__varques1 = request.form("ques"
if(md5(request.form("answ",32) <> "" then adduser__varansw1 = md5(request.form("answ",32)
if(request.form("email" <> "" then adduser__varemail1 = request.form("email"
if(request.form("ifgetmail" <> "" then adduser__varget = request.form("ifgetmail"
if(request.form("com01" <> "" then adduser__varcomp = request.form("com01"
if(request.form("fr01" <> "" then adduser__varfr = request.form("fr01"
if(request.form("card01" <> "" then adduser__varcard = request.form("card01"
if(request.form("xz01" <> "" then adduser__varxz = request.form("xz01"
if(request.form("gm01" <> "" then adduser__vargm = request.form("gm01"
if(request.form("zj01" <> "" then adduser__varzj = request.form("zj01"
if(request.form("jj01" <> "" then adduser__varjj = request.form("jj01"
if(request.form("ur1" <> "" then adduser__varur = request.form("ur1"
if(request.form("province" <> "" then adduser__varpro = request.form("province"
if(request.form("city" <> "" then adduser__varcity = request.form("city"
if(request.form("add01" <> "" then adduser__varadd = request.form("add01"
if(request.form("zip01" <> "" then adduser__varzip = request.form("zip01"
if(request.form("per01" <> "" then adduser__varper = request.form("per01"
if(request.form("sex01" <> "" then adduser__varsex = request.form("sex01"
if(request.form("xl01" <> "" then adduser__varxl = request.form("xl01"
if(request.form("bm01" <> "" then adduser__varbm = request.form("bm01"
if(request.form("zw01" <> "" then adduser__varzw = request.form("zw01"
if(request.form("bir01" <> "" then adduser__varbirth = request.form("bir01"
if(request.form("pho01" <> "" then adduser__varphone = request.form("pho01"
if(request.form("mob01" <> "" then adduser__varmob = request.form("mob01"
if(request.form("fax01" <> "" then adduser__varfax = request.form("fax01"
if(request.form("ifcomp" <> "" then adduser__varifcomp = request.form("ifcomp"
%>
<%
if(request.form("us01" <> "" then adduser1__varname2 = request.form("us01"
if(md5(request.form("pass01",16) <> "" then adduser1__varpass2 = md5(request.form("pass01",16)
if(request.form("email" <> "" then adduser1__varemail2 = request.form("email"
if(request.form("ques" <> "" then adduser1__varques2 = request.form("ques"
if(md5(request.form("answ",16) <> "" then adduser1__varansw2 = md5(request.form("answ",16)
if(request.form("ip" <> "" then adduser1__varip = request.form("ip"
%>
<%
set adduser = Server.CreateObject("ADODB.Command"
adduser.ActiveConnection = MM_wuliu_STRING
adduser.CommandText = "INSERT INTO t_company (username,password,passques,passansw,email,ifgetmail,company,faren,card,xingzhi,guimo,zijin,jianjie,url,province,city,address,zipcode,person,sex,xueli,bumen,zhiwei,birth,phone,mobile,fax,ifcomp) VALUES ('" + Replace(adduser__varname1, "'", "''" + "','" + Replace(adduser__varpass1, "'", "''" + "','" + Replace(adduser__varques1, "'", "''" + "','" + Replace(adduser__varansw1, "'", "''" + "','" + Replace(adduser__varemail1, "'", "''" + "','" + Replace(adduser__varget, "'", "''" + "','" + Replace(adduser__varcomp, "'", "''" + "','" + Replace(adduser__varfr, "'", "''" + "','" + Replace(adduser__varcard, "'", "''" + "','" + Replace(adduser__varxz, "'", "''" + "','" + Replace(adduser__vargm, "'", "''" + "','" + Replace(adduser__varzj, "'", "''" + "','" + Replace(adduser__varjj, "'", "''" + "','" + Replace(adduser__varur, "'", "''" + "','" + Replace(adduser__varpro, "'", "''" + "','" + Replace(adduser__varcity, "'", "''" + "','" + Replace(adduser__varadd, "'", "''" + "','" + Replace(adduser__varzip, "'", "''" + "','" + Replace(adduser__varper, "'", "''" + "','" + Replace(adduser__varsex, "'", "''" + "','" + Replace(adduser__varxl, "'", "''" + "','" + Replace(adduser__varbm, "'", "''" + "','" + Replace(adduser__varzw, "'", "''" + "','" + Replace(adduser__varbirth, "'", "''" + "','" + Replace(adduser__varphone, "'", "''" + "','" + Replace(adduser__varmob, "'", "''" + "','" + Replace(adduser__varfax, "'", "''" + "','" + Replace(adduser__varifcomp, "'", "''" + "') "
adduser.CommandType = 1
adduser.CommandTimeout = 0
adduser.Prepared = true
adduser.Execute()
%>
请高手指点,这个问题太要命了。
...全文
请发表友善的回复…
发表回复
shayi 2005-06-30
- 打赏
- 举报
trim可以取出全角和半角空格。
楼主都不给加分的,唉,这世道。
楼主都不给加分的,唉,这世道。
shayi 2005-06-29
- 打赏
- 举报
dushizhuma(杨正祎) ,请问你说的“空白字符”是怎么输入的?用智能ABC的VL是什么意思?
另外, Hozaka(空虚的狼) 说得对,len(string)返回值是integer,如果string是空,返回0。
其实楼主直接用trim(string)就可以取出空格的,当然,如果有“dushizhuma(杨正祎) ”说的空白字符存在,你可以增加一个空白字符判断就好了。
另外, Hozaka(空虚的狼) 说得对,len(string)返回值是integer,如果string是空,返回0。
其实楼主直接用trim(string)就可以取出空格的,当然,如果有“dushizhuma(杨正祎) ”说的空白字符存在,你可以增加一个空白字符判断就好了。
emhuangzi 2005-06-29
- 打赏
- 举报
应该是客户端验证是不是出了问题
QQgenie 2005-06-29
- 打赏
- 举报
If Len(replace(replace(string," ")," "))<Len(string) Then
Response.Write("用户名不符要求!")
End If
Response.Write("用户名不符要求!")
End If
batistutafans 2005-06-29
- 打赏
- 举报
取出的这个空格是指半角状态下的还是包括全角空格啊?如何禁止全角空格的输入?
dushizhuma 2005-06-28
- 打赏
- 举报
他们可能用的是空白字符,而不是空的.用智能abc,的v1就可以打出来.
Hozaka 2005-06-28
- 打赏
- 举报
晕倒……Len(String) 函数返回值是 Integer 类型的,怎么可能是 ""
BILLSJONE 2005-06-27
- 打赏
- 举报
楼上的没有看清楚,楼主的 save.asp 已经有验证了。但是,这样是不够的,Request.Form("us01") <> "" ,我来说一下有哪些问题:
=================================
這不算驗証,只是取值而已。Request.Form("us01") ="" 時照常運行下去的,
=================================
這不算驗証,只是取值而已。Request.Form("us01") ="" 時照常運行下去的,
batistutafans 2005-06-27
- 打赏
- 举报
请高手们指点一下在save.asp里应该如何验证,越详细越好,我实在是被这个搞怕了。
mystyle 2005-06-27
- 打赏
- 举报
客户端验证是多余的
在服务端验证就OK了
你的代码有问题,用类似下面的代码
ErrorMessage = ""
id = trim(request("id"))
name = trim(request("name"))
for i = 1 to 1
if id = "" then
ErrorMessage = "您没有填写用户名"
Exit for
end if
if checkdata(id) then 'checkdata你写成一个检查是否有非法字符的函数,如果有返回True
ErrorMessage = "用户名包含非法字符"
Exit for
end if
if name = "" then
ErrorMessage = "用户名不能为空"
Exit for
end if
if checkdata(name) then
ErrorMessage = "用户名包含非法字符"
Exit for
end if
'还要加入每个字段长度判断,输入格式判断(例如Email和身份证)
'还要加入用户名是否存在的判断
'等等...
next
if ErrorMessage <> ""
Response.Write(ErrorMessage)
else
执行注册用户代码
end if
怎么样,代码结构清晰吧,呵呵
在服务端验证就OK了
你的代码有问题,用类似下面的代码
ErrorMessage = ""
id = trim(request("id"))
name = trim(request("name"))
for i = 1 to 1
if id = "" then
ErrorMessage = "您没有填写用户名"
Exit for
end if
if checkdata(id) then 'checkdata你写成一个检查是否有非法字符的函数,如果有返回True
ErrorMessage = "用户名包含非法字符"
Exit for
end if
if name = "" then
ErrorMessage = "用户名不能为空"
Exit for
end if
if checkdata(name) then
ErrorMessage = "用户名包含非法字符"
Exit for
end if
'还要加入每个字段长度判断,输入格式判断(例如Email和身份证)
'还要加入用户名是否存在的判断
'等等...
next
if ErrorMessage <> ""
Response.Write(ErrorMessage)
else
执行注册用户代码
end if
怎么样,代码结构清晰吧,呵呵
xmadan 2005-06-27
- 打赏
- 举报
这咯不是JAVA的吗?刚想说用validation
BILLSJONE 2005-06-27
- 打赏
- 举报
我的一般都是客服两个地方都进行验证,
客户端验证和安全没关系的,只是减少服务端证验不通过的机会,
想想如果验证不通过,那用户就得等服务器返回结果才知道,要花的时间多,
正常情况下有了客户端的帮助验证服务端一般一次过就会通过了,
客户端验证和安全没关系的,只是减少服务端证验不通过的机会,
想想如果验证不通过,那用户就得等服务器返回结果才知道,要花的时间多,
正常情况下有了客户端的帮助验证服务端一般一次过就会通过了,
BILLSJONE 2005-06-27
- 打赏
- 举报
if len(trim(request.form("username")))<=0 then
response.write ("请不要输入的用户名为空格,谢谢!")
response.end
end if
response.write ("请不要输入的用户名为空格,谢谢!")
response.end
end if
batistutafans 2005-06-27
- 打赏
- 举报
我把
<%
if len(trim(request.form("username")))="" then
response.write ("请不要输入的用户名为空格,谢谢!")
end if
%>
放在save.asp里,可是还是不起作用,一样可以以空格注册成功啊,问题在哪里呢?是应该在客户端进行验证还是在服务器端进行判断呢?或者两个地方都要进行?
<%
if len(trim(request.form("username")))="" then
response.write ("请不要输入的用户名为空格,谢谢!")
end if
%>
放在save.asp里,可是还是不起作用,一样可以以空格注册成功啊,问题在哪里呢?是应该在客户端进行验证还是在服务器端进行判断呢?或者两个地方都要进行?
mqjshanghai 2005-06-27
- 打赏
- 举报
可以收藏一下
arrowy 2005-06-27
- 打赏
- 举报
trim(username)
zy51 2005-06-27
- 打赏
- 举报
验证有缺陷出在save.asp.客户端做验证是没用.可以跳过的.
白夜花寒 2005-06-27
- 打赏
- 举报
trim +len....
Hozaka 2005-06-27
- 打赏
- 举报
楼上的没有看清楚,楼主的 save.asp 已经有验证了。但是,这样是不够的,Request.Form("us01") <> "" ,我来说一下有哪些问题:
1、很明显,好大的一 Injection ,SQL 注入漏洞,想干吗?
2、用户名不能为空字符串,但可以使一个或者更多的半角或者全角的空格
1、很明显,好大的一 Injection ,SQL 注入漏洞,想干吗?
2、用户名不能为空字符串,但可以使一个或者更多的半角或者全角的空格
smile9961 2005-06-27
- 打赏
- 举报
up
加载更多回复(3)
