日期:2014-05-17  浏览次数:20576 次

Event code: 3005 是怎么回事呢
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 2010-1-31 12:57:42 
Event time (UTC): 2010-1-31 4:57:42 
Event ID: a7b5573c49d9423f9cc8c08ca293aa71 
Event sequence: 10963 
Event occurrence: 16 
Event detail code: 0 
 
Application information: 
  Application domain: /LM/W3SVC/1849279060/Root-2-129093771234687500 
  Trust level: Full 
  Application Virtual Path: / 
  Application Path: E:\homepage\xiangdang\ 
  Machine name: HELLOWORLD 
 
Process information: 
  Process ID: 3452 
  Process name: w3wp.exe 
  Account name: NT AUTHORITY\NETWORK SERVICE 
 
Exception information: 
  Exception type: FormatException 
  Exception message: Input string was not in a correct format. 
 
Request information: 
  Request URL: http://www.xiangdang.net/fanwen.aspx?id=18911' and char(124)+user+char(124)=0 and ''=' 
  Request path: /fanwen.aspx 
  User host address: 60.181.156.60 
  User:  
  Is authenticated: False 
  Authentication Type:  
  Thread account name: NT AUTHORITY\NETWORK SERVICE 
 
Thread information: 
  Thread ID: 10 
  Thread account name: NT AUTHORITY\NETWORK SERVICE 
  Is impersonating: False 
  Stack trace: at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
  at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
  at System.Int32.Parse(String s)
  at ArticalDetial.Page_Load(Object sender, EventArgs e)
  at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
  at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
  at System.Web.UI.Control.OnLoad(EventArgs e)
  at System.Web.UI.Control.LoadRecursive()
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
 
 
Custom event details: 

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

------解决方案--------------------
你的查询参数是怎么写呢?

URL中的查询参数连接是用&符号:

如:

http://www.xiangdang.net/fanwen.aspx?id=9063&参数1=参数1值&参数2=参数2值




http://www.xiangdang.net/worddoc.aspx?id=9' 
很明显,查询参数多了单引号,导致你拼接的SQL语句出错。这样你的这个URL是存在SQL注入危险的。

建议你先判断或转换,再处理。不要使用你拼接的SQL语句,可用参数化你的SQL语句。