function.asp

来自「基于ASP的SQL小区物业管理系统课程设计」· ASP 代码 · 共 52 行

<!--#include file="inc/conn.asp"-->
<%
function RequestX(strGet)
strTemp=Trim(Request.Form(strGet))
dim nothis(16)
nothis(0)="net user" 
nothis(1)="xp_cmdshell" 
nothis(2)="/add" 
nothis(3)="exec%20master.dbo.xp_cmdshell" 
nothis(4)="net localgroup administrators" 
nothis(5)="select" 
nothis(6)="count" 
nothis(7)="asc" 
nothis(8)="char" 
nothis(9)="mid" 
nothis(10)="'" 
nothis(11)="""" 
nothis(12)="insert" 
nothis(13)="delete" 
nothis(14)="drop" 
nothis(15)="truncate" 
nothis(16)="from" 
for i=1 to ubound(nothis)
if instr(strTemp,nothis(i)) then
Response.write "你输入的内容含有非法字符！"
Response.write "请<a href='login.html'>返回重试</a>"
Response.End
end if
next
RequestX=strTemp
end function


'function errOccur(strErr)
'Response.write "您的输入中存在问题:"&strErr&"<br>"
'Response.write "请<a href='login.html'>返回重试</a>"
'Response.End
'end function
'
'username=RequestX("username")
'password=RequestX("password")
'strSql="select * from userlist where username='"&username&"'and password='"&password&"'"
'set objRs=Server.CreateObject("ADODB.RECORDSET")
'objRs.open strSql,conn,1,1
'if objRs.eof then
'errOccur("登录失败，请检查您输入的用户名与密码是否正确")
'else
'response.write("登陆成功！")
'Session("username")=username
'end if
'conn.execute "update userlist set logintimes=logintimes+1 where username='"&RequestX("username")&"'"
%>