|
Blue Forest http://www.lslnet.com at 8:28 on August 25, 2006
[Resolved] Strange... ASP insert problem, please help
The New.htm page is where the user fills in information; the information is submitted to add.asp, which inserts the data.
The New.htm code is:
<form id="form1" name="form1" method="post" action="add.asp">
<input name="t" type="text" id="t">
<textarea name="n" id="n"></textarea>
<input type="submit" name="submit" value="present">
</form>
Then the add.asp code is:
<!--#include file="conn.asp"-->
<%
'Omitted: a lot of code that opens the database
rs("aaa") = request.form("t")
rs("bbb") = request.form("n")
'......
%>
If plain text is entered in the textarea of new.htm and then submitted, the insert absolutely succeeds!
But here is the problem: if what is filled in is not plain text but has some HTML code mixed in, whether complicated or simple, then on clicking submit the new.htm page just blinks for a moment, no error appears, and nothing is inserted into the database.
I deleted all of that code and put in some plain text, and it worked once again! Strange!
Note: it does not necessarily have to be plain text to be submitted; sometimes simple http://www.info.gov.hk/afd/afdparks/ehome.htm code can also be inserted, and sometimes it cannot... Strange... Has anyone seen a solution to this problem?
I uploaded the files to the server, and a test there shows the same problem....
Take this example code for the insert:
Function rphtml (c)
C=Replace (c, "" "" "")
C=Replace (c, "" "" "")
C=Replace (c, "" "" "" ")
C=Replace (c, " '" "'")
C=Replace (c, "", "")
C=Replace (c, vbcrlf, "" School Official Cites Use ")
Rphtml=c
End function
rs("aaa") = rphtml(request.form("t"))
rs("bbb") = rphtml(request.form("n"))
It can be inserted locally, but not on the server!
Then, after testing many times, the code can be inserted on the server but, surprisingly, not locally!
I went to some websites, pressed Ctrl+A and copied everything (with pictures, Flash, etc.), then pasted it into new.htm.
Even locally it sometimes works and sometimes does not. Tested on the server, it also sometimes works and sometimes does not.
Content copied from some websites can be inserted, but from others it cannot....
Sometimes even the same characters can be inserted one time and not another... Going crazy!~~
|
Must HTML statements be inserted? If not, use a filter function on the code |
' " < >
Characters like these may conflict with ASP; first convert them into
&quot; &lt; &acute; &gt;
Then output them with response.write
|

Must use HTML.... |

Not into. . . . . Inform the wing? |
For example,
Replace(string or variable name, "'", "''")
That is, convert the ' in the string or variable name into '' |
Need to format the HTML |
Ha ha... It has been resolved.......
Today I was editing the database connection file. Hey.... I discovered where the problem lies:
I had added character-filtering code in the database connection file!
As follows:
Dim SQL_injdata, SQL_inj, SQL_Post, SQL_Data
' Blacklist of substrings; any form field containing one of them is rejected
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = Split(SQL_injdata, "|")
If Request.Form <> "" Then
For Each SQL_Post In Request.Form
For SQL_Data = 0 To UBound(SQL_inj)
If InStr(Request.Form(SQL_Post), SQL_inj(SQL_Data)) > 0 Then
' On a match, send the browser back a page and stop, so nothing is inserted
Response.Write "<Script Language=JavaScript>history.back(-1)</Script>"
Response.End
End If
Next
Next
End If
See the history.back(-1)? Ha ha. Because the submitted data contained something in the filter list, the operation of returning to the previous page was executed! That is the phenomenon I described!
Haha, really happy. So that is how it was...
Sorry to have troubled you all; thank you liaoyizhi520, study5, zheman
PS: But then, I have to guard against SQL injection and also allow pasted code....
Those things really cannot be submitted... What should I do? |
|
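One way to handle the PS above, as an added example that is not code from the thread: remove the keyword blacklist from the connection file and bind the form values as ADO parameters, so pasted HTML containing ', %, * or words such as "select" is stored as data and cannot change the SQL statement. The connection object name conn, the table name tbl and the column types are assumptions; the columns aaa/bbb and the form fields t/n come from the thread.

```vbscript
' Added example; runs inside <% ... %> in add.asp after conn.asp is included.
' Assumptions: conn.asp opens an ADODB.Connection named conn; the table is
' called tbl; aaa is a short text column and bbb a long text (memo) column.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128
Const MAX_TITLE = 255

Dim title, body, cmd
title = Trim(Request.Form("t"))
body = Request.Form("n")

' Validate presence and length, not "dangerous" words: the content is data.
If Len(title) = 0 Or Len(title) > MAX_TITLE Or Len(body) = 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Title and content are required."
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Placeholders keep the statement text fixed; the values travel separately,
' so quotes and SQL keywords inside them are never parsed as SQL.
cmd.CommandText = "INSERT INTO tbl (aaa, bbb) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("aaa", adVarWChar, adParamInput, MAX_TITLE, title)
cmd.Parameters.Append cmd.CreateParameter("bbb", adLongVarWChar, adParamInput, Len(body), body)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing

' Encode only when showing the stored value as text, not before storing it.
' If the stored HTML must render as markup, it needs an allow-list sanitizer
' on output instead of HTMLEncode.
Response.Write "Saved: " & Server.HTMLEncode(title)
```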