check_login.test.asp

花钱买的毕业设计。企业网络管理系统

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<%
'On Error Resume Next
Response.Write(Server.URLEncode("""") & "  " & Server.HTMLEncode("""") & "<br>")
dim str,login_name,password
login_name = "1' or 1 = 1 or '1' <> '"
password = "1' or 1 = 1 or '1' <> '"
str = "select top 1 * from member where login_name = '" & login_name & "'"
Response.Write(str & "<br>")
str = "select top 1 name from member where (login_name = '" & login_name & "') and (password = '" & password & "')"
Response.Write(str & "<br>")
login_name = "1"" or 1 = 1 or ""1"" <> "" "
password = "1"" or 1 = 1 or ""1"" <> "" "
str = "select top 1 * from member where login_name = """ & login_name & """ and password = """ & password & """"
Response.Write(str & "<br>")
str = "select top 1 * from member where (login_name = """ & login_name & """) and (password = """ & password & """)"
Response.Write(str & "<br>")
Session("rs").Open str,Session("conn")
if not Session("rs").EOF and Session("password") = password  then
	Session("login_name") = Session("rs")("login_name")
	Response.Write("login success!")
else
	Response.Write("Invalid login_name!")
end if

'Response.Write(str)
'Response.End()
Session("rs").Close

%>
<body>
<textarea name="textarea"><%= Server.HTMLEncode("'") %></textarea>
</body>
</html>