📄 check_login.test2.asp
字号:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
function safeConvert(strOrig)
dim strTemp
strTemp = strOrig
if not isnull(strOrig) then
strTemp = Replace(strTemp,"'","""")
strTemp = Server.HTMLEncode(strTemp)
strTemp = Replace(strTemp," "," ")
end if
safeConvert = strTemp
end function
Response.Write(safeConvert("' ""'") & "<br>")
%>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body>
<input name="textarea" type="text" value="<%= safeConvert(" ") %>">
<%
'On Error Resume Next
dim str,login_name,password
login_name = "1' or 1 = 1 or '1' <> '"
password = "1' or 1 = 1 or '1' <> '"
login_name = safeConvert(login_name)
password = safeConvert(password)
'login_name = safeConvert(Request.Form("login_name"))
'password = safeConvert(Request.Form("password"))
str = "select top 1 * from member where (login_name = '" & login_name & "') and (password = '" & password & "')"
Response.Write(str & "<br>")
Session("rs").Open str,Session("conn")
if not Session("rs").EOF then
Session("login_name") = Session("rs")("login_name")
Response.Write("login success!")
else
Response.Write("Invalid login_name!")
end if
'Response.Write(str)
'Response.End()
Session("rs").Close
%>
</body>
</html>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -