<%
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
rs1.open "select * from yonghu where username='"&admin&"' and password='"&password&"'",conn,1,3
if not (rs1.bof and rs1.eof) then
session("password")=rs1("password")
response.Redirect("bdxhsdlogin.asp")
else
response.Redirect("index.asp")
end if
else
response.Redirect("index.asp")
end if
%>
Õâ¶Î´úÂëûÓдí°É£¡
ÕâÊÇcheck.asp£¡¿ÉΪʲôµÇ½ÕýÈ·ÁËÒ³Ãæ²»Ìøת°¡£¿¶øÇÒlogin.aspÖеÄactionÁ´½Ócheck.aspÊǾͳöÏÖ500´íÎó Ôõô»ØÊ°¡£¿
Óõ¯³ö´°¿Ú²âÊÔÏ°ɣ¬Õâ¸öÎÊÌâÓ¦¸ÃºÜÈÝÒ×½â¾ö
Ôõô¸öÒâ˼
ÓÃresponse.write("<script>alert('****')</script>")¼ÓÔÚÿһ¸öÅжϵĺóÃæ²âÊÔÏÂÁ÷³Ì£¬¿´´úÂëÊÇÔõôִÐеģ¬Ó¦¸ÃºÜ¿ì¾ÍÄÜÕÒµ½ÔÒòµÄ¡£
admin=trim(request.form("admin"))
password=trim(request.form("password"))
set rs1=server.CreateObject("adodb.recordset")
if admin<>"" and password<>"" then
'ÏÈ檢²é¿´¿´sql commandµÄ語¾äÊÇ·ñ¶¼ÓÐ齊È«ÁË
str = "select * from yonghu where username='
ÔÚaspÀïÔõôµ÷ÓÃjavaдµÄwebservice·½·¨£¬Óкܶ෽·¨
- <message name="RtPnrIn">
<part name="bstrPnrNO" type="s:string" />
<part name ......
¸÷λ´óÏÀ£¬ÎÒѧϰµÄÊÇASP.NET£¬ÏëÖªµÀÏà¹Ø¼¼ÊõÓÐÄÄЩ£¬¾ÍÏñJAVA EEÖÐÓÐstruct sping jsp severlet µÈ£¬ASP.NET»¹ÓÐÄÄЩЩÏà¹Ø¼¼Êõ¡£
http://topic.csdn.net/u/20090914/21/af27de99-f0f3-4cfd-9379-13764f8ec6b1.ht ......
Ä¿Ç°ÊÇA.aspÃæÒ³ÓÐÒ»¸ö±äÁ¿aa,Ôõô²Å¿ÉÒÔ´«µ½B.aspÒ³Ãæ,²»ÊÇÓÃURL´«,ÏëÓÃ<inupt >¿Ø¼þÔõô´«°¡!Çë´ó¼ÒÖ¸µã!
ÓÃ±íµ¥´«Öµ
´«Öµ£¬GETºÍPOST£¬ÒªÃ´´ø²ÎÊý£¬ÒªÃ´ÓÃform
¶øÇÒ£¬Èç¹ûÄãÁ½¸öÒ³ÃæûÓÐÈκιØÁª£¬´«Ö ......
