UC知道asp代码的问题 请高手帮帮忙 急
来源:百度知道 编辑:UC知道 时间:2024/07/05 16:56:05
下边的是一个网页后台的代码
<%
Response.Buffer=true
Response.Expires=0
Response.ExpiresAbsolute=Now()-1
Response.CacheControl="no-cache"
%>
<!--#include file="include/conn.asp"-->
<!--#include file="include/function.asp"-->
<%
session("verifycode")=randStr(4)
If Not Isempty(Request("login")) Then
txt_name=Str_filter(Request.Form("txt_name"))
txt_passwd=Str_filter(Request.Form("txt_passwd"))
verifycode=Str_filter(Request.Form("verifycode"))
verifycode2=Str_filter(Request.Form("verifycode2"))
If verifycode <> verifycode2 then
Response.write"<SCRIPT language='JavaScript'>alert('您输入的验证码不正确!');location.href='login.asp'</SCRIPT>"
Response.End()
Else
Session("verifycode")=""
End IF
If txt_name&
<%
Response.Buffer=true
Response.Expires=0
Response.ExpiresAbsolute=Now()-1
Response.CacheControl="no-cache"
%>
<!--#include file="include/conn.asp"-->
<!--#include file="include/function.asp"-->
<%
session("verifycode")=randStr(4)
If Not Isempty(Request("login")) Then
txt_name=Str_filter(Request.Form("txt_name"))
txt_passwd=Str_filter(Request.Form("txt_passwd"))
verifycode=Str_filter(Request.Form("verifycode"))
verifycode2=Str_filter(Request.Form("verifycode2"))
If verifycode <> verifycode2 then
Response.write"<SCRIPT language='JavaScript'>alert('您输入的验证码不正确!');location.href='login.asp'</SCRIPT>"
Response.End()
Else
Session("verifycode")=""
End IF
If txt_name&
这防止用户输入非法字符,确保数据库安全。当在登陆页面上或者是地址栏中输入一些非法字符如'、?、.等符号都可以登陆上去,或就想上楼说的,确保SQL注入攻击。STR-filter这是用户自己定义的函数提。可以起到判断的作用!祝你好运!好好学习ASP吧,朋友努力!
Str_filter 用于字符串过滤,确保不被SQL注入攻击
用ASP判断比JS更安全,JS很容易被突破,两重判断是正确的