asp的url传参出现乱码,导致数据库查询失败,如何破
日期:2014-05-17 浏览次数:20495 次
asp的url传参出现乱码,导致数据库查询失败,怎么破?
index.asp文件中部分内容:
<!--#include file ="conn2.asp"-->
<%
set rs=server.createobject("adodb.recordset")
exec="select * from ImgClass where ClassName<>'' order by Classid asc"
rs.open exec,conn,1,1
dim i,yu
i=0
%>
.....
maxlen=7 '其实是定好长度值
ClassName=rs("ClassName") '变量赋数据记录的字段值
If Len(ClassName)>maxlen then ClassName=left(ClassName,maxlen-1)&".." ''如果变量长度大于20--最长长度,让变量长度变成(20-2),后接...
%>
......
<td width="90" align="left"><a href="cpzs.asp?ClassName=<%=rs("ClassName")%>" title="<%=rs("ClassName")%>"><font color="#006699"><%=ClassName%></</font></a></td>
cpzs.asp中部分内容:
<!--#include file ="cp/include/connurl2.asp"-->
<%
ClassName=request("ClassName")
%>
......
<%
ClassName=request("ClassName")
const MaxPerPage=9
dim totalPut
dim CurrentPage
if not isempty(request("page")) then
currentPage=SafeRequest("page",1)
else
currentPage=1
end if
On Error Resume Next
set rs=server.createobject("adodb.recordset")
if ClassName="" then
Sql = "Select * from [ImgData] order by id desc"
Else
Sql = "Select * from [ImgData] where ClassName='"&server.URLEncode(ClassName)&"' order by id desc"
End IF
conn2.asp中内容:
<%
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL防注入系统"
Response.end
end if
next
%>
<%
dbpath=server.mappath("cp/include/linzi.asa")
set conn=server.createobject("adodb.connection")
conn.open "provider=microsoft.jet.oledb.4.0;data source=" & dbpath
index.asp文件中部分内容:
<!--#include file ="conn2.asp"-->
<%
set rs=server.createobject("adodb.recordset")
exec="select * from ImgClass where ClassName<>'' order by Classid asc"
rs.open exec,conn,1,1
dim i,yu
i=0
%>
.....
maxlen=7 '其实是定好长度值
ClassName=rs("ClassName") '变量赋数据记录的字段值
If Len(ClassName)>maxlen then ClassName=left(ClassName,maxlen-1)&".." ''如果变量长度大于20--最长长度,让变量长度变成(20-2),后接...
%>
......
<td width="90" align="left"><a href="cpzs.asp?ClassName=<%=rs("ClassName")%>" title="<%=rs("ClassName")%>"><font color="#006699"><%=ClassName%></</font></a></td>
cpzs.asp中部分内容:
<!--#include file ="cp/include/connurl2.asp"-->
<%
ClassName=request("ClassName")
%>
......
<%
ClassName=request("ClassName")
const MaxPerPage=9
dim totalPut
dim CurrentPage
if not isempty(request("page")) then
currentPage=SafeRequest("page",1)
else
currentPage=1
end if
On Error Resume Next
set rs=server.createobject("adodb.recordset")
if ClassName="" then
Sql = "Select * from [ImgData] order by id desc"
Else
Sql = "Select * from [ImgData] where ClassName='"&server.URLEncode(ClassName)&"' order by id desc"
End IF
conn2.asp中内容:
<%
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL防注入系统"
Response.end
end if
next
%>
<%
dbpath=server.mappath("cp/include/linzi.asa")
set conn=server.createobject("adodb.connection")
conn.open "provider=microsoft.jet.oledb.4.0;data source=" & dbpath
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
