login.asp

在conn.asp文件中加入了ASP防SQL注入语句

<!--#include file="conn.asp"-->
<%
if session("admin")<>"" then
response.redirect "list.asp"
end if
fname=request.form("name")
pass=request.form("pass")
if fname<>"" then
sql="select * from admin where admin='"&fname&"'"
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1
if not rs.eof then
	if pass=rs("pass") then
	session("admin")=fname
	response.redirect "index.asp"
	end if
end if
end if
%>
<html>

<head>
<style type="text/css">
<!-- 
td           { font-size: 12px; line-height: 17px }
body         { font-size: 12px; line-height: 17px }
p            { margin-top: 1; margin-bottom: 1 }
a:link       { text-decoration: none; color: black }
a:visited    { text-decoration: none; color: black }
a:active     { text-decoration: none }
a:hover      { text-decoration: underline; color: red }
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>管理员登录</title>
</head>

<body background="images/bg.gif">
<form action="" method="post">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="90">
   <tr>
      <td width="40%" height="26">
        <p align="right">帐号：</td>
          <td width="60%" height="26"><input type="text" name="name" size="20"></td>
            </tr>
            <tr>
           <td width="40%" height="26">
          <p align="right">密码：</td>
          <td width="60%" height="26"><input type="password" name="pass" size="20"></td>
          </tr>
       <tr>
    <td width="100%" colspan="2" height="38">
      <p align="center"><input type="submit" value="进入" name="enter">&nbsp;&nbsp;   
      <input type="reset" value="取消" name="reset"></p>             
    </td>             
  </tr>  
  </table>  
  </form>                
</body> 
</html>