![height]( "height")
本文介绍了如何为我的反馈页面安全sql注入攻击的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 我是asp经典的新用户我创建了一个页面名称feedbaack,我有一些像电子邮件和反馈这样的字段,现在运行一个简单的插入查询我想知道如何我将保护我的网站免受任何攻击这里是我的两个问题也首先是我如何使用代码来防止SQL注入攻击。第二个是plz提供帮助来创建验证码图像也适用于经典的asp。 感谢我附在这里我的代码PLZ审查所以我可以正常工作 < !DOCTYPE HTML PUBLIC - // W3C // DTD HTML 4.0过渡// EN > 将HTML>< HEAD>< TITLE>无标题文档< / TITLE> < META http-equiv = Content-Type content =text / html; charset = x-user-defined> < SCRIPT language = JavaScript type = text / JavaScript> <! - 函数MM_reloadPage(init){//重新加载窗口如果Nav4调整了 if(init == true)with(navigator){if((appName ==Netscape)&&(parseInt(appVersion)== 4)){ document.MM_pgW = innerWidth; document.MM_pgH = innerHeight;在onResize = MM_reloadPage; } $ else if(innerWidth!= document.MM_pgW || innerHeight!= document.MM_pgH)location.reload(); } MM_reloadPage(true); // - > < / SCRIPT> < META content =MSHTML 6.00。 2800.1476\" 名称= GENERATOR> 将/ HEAD> 将正文=#000000 BGCOLOR =#eefcff LEFTMARGIN = 0 TOPMARGIN = 0> border = 0> < IMG height = 36 src =images / Head_01.gif width = 198>< IMG height = 36 src =images / Head_02.gifwidth = 199>< IMG height = 36 src =images /Head_03.gifwidth = 197>< IMG height = 36 src =images / Head_04.gifwidth = 185> < IMG height = 39 src =images / Head_05.gifwidth = 198 border = 0>< IMG height = 39 src =images / Head_06.gifwidth = 199>< IMG height = 39 src =images / Head_07.gifwidth = 197>< IMG height = 39 src =images / Head_08.gifwidth = 185> Hi,I am new user for asp classic i create a page name feedbaack where i have some feilds like name email and feedback and run a simple query of insert now i would like to know how i will secure my site from any attack here is mine two question also first is that how i use code to prevent sql injection attack. and second is plz provide help to create captcha image for this also in classic asp.Thanks i attached here my code plz review so i can do my work properly<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE>Untitled Document</TITLE><META http-equiv=Content-Type content="text/html; charset=x-user-defined"><SCRIPT language=JavaScript type=text/JavaScript><!--function MM_reloadPage(init) { //reloads the window if Nav4 resized if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) { document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();}MM_reloadPage(true);//--></SCRIPT><META content="MSHTML 6.00.2800.1476" name=GENERATOR></HEAD><BODY text=#000000 bgColor=#eefcff leftMargin=0 topMargin=0> border=0> <IMG height=36 src="images/Head_01.gif" width=198><IMG height=36 src="images/Head_02.gif" width=199><IMG height=36 src="images/Head_03.gif" width=197><IMG height=36 src="images/Head_04.gif" width=185> <IMG height=39 src="images/Head_05.gif" width=198 border=0><IMG height=39 src="images/Head_06.gif" width=199><IMG height=39 src="images/Head_07.gif" width=197><IMG height=39 src="images/Head_08.gif" width=185> color =#2c5783> ; color=#2c5783> href =Index.htm>主页 color =#2c5783> color=#2c5783> size = 1>反馈 color =#2c5783> color=#2c5783> 联系我们 < / STYLE> <% dim mcomments dim musername dim museradd dim museremail dim musertel 昏暗的数据,conn mcomments = request.form(comments ) musername = request.form(username) museradd = request.form(useradd) museremail = request。 form(useremail) musertel = request.form(usertel) muserdt = now %> 姓名 <%response.write(musername)%> 地址 <%response.write(museradd)%> 电话号码 < %response.write(musertel)%> 电子邮件 <%response.write(museremail)%> 评论/建议 <%response .write(mcomments)%> 日期 <%response.write(muserdt)% > <% set conn = server.createobject(adodb.connection) mytb =DRIVER = {Microsoft Access Driver(* .mdb)}; DBQ =& server.mappath(tdr.mdb) conn.Open mytb 昏暗的mysql mysql =插入反馈(评论,用户名,useradd,useremail,usertel,userdt)& _ values(''& mcomments&'',' '& _ musername&'',''& _ museradd&'',''& _ museremail&'',''& _ musertel&'',''& _ muserdt& '') conn.execute(mysql) conn.close set conn = nothing%> < form method =POSTaction =feedback.shtm> </STYLE> <%dim mcommentsdim musernamedim museradddim museremaildim muserteldim data, connmcomments = request.form("comments")musername = request.form("username")museradd = request.form("useradd")museremail = request.form("useremail")musertel = request.form("usertel")muserdt = now%> Name <% response.write(musername) %> Address <% response.write(museradd) %> Telephone No. <% response.write(musertel) %> Email <% response.write(museremail) %> Comments / Suggestions <% response.write(mcomments) %> Date <% response.write(muserdt) %> <%set conn=server.createobject("adodb.connection")mytb = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & server.mappath("tdr.mdb")conn.Open mytbDim mysqlmysql = "insert into feedback(comments,username,useradd,useremail,usertel,userdt) " &_ "values(''" & mcomments & "'',''" &_ musername & "'',''" &_ museradd & "'',''" &_ museremail & "'',''" &_ musertel & "'',''" &_ muserdt & "'')"conn.execute(mysql)conn.closeset conn=nothing %><form method="POST" action="feedback.shtm"> 感谢您发送给我们 评论/建议 < ; input type =submitvalue =OKname =B1style =background-color:#b7cce4;颜色:rgb(255,255,255)> < / form> </form> 推荐答案 我回答了这个问题在你以后的帖子中。I answered this in your later post. 这篇关于如何为我的反馈页面安全sql注入攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 10-29 14:44