// Login lookup (classic ASP, JScript). Both form fields are passed through
// escape(), defined further down this page, before being placed inside
// single-quoted SQL literals.
// NOTE(review): username and password are assigned without `var`, so they are
// implicit globals for the page.
username = escape( Request.form("username") );
password = escape( Request.form("password") );
var rso = Server.CreateObject("ADODB.Recordset");
// The statement is assembled by string concatenation, so quote doubling in
// escape() is the only thing separating user data from SQL syntax here.
// Binding the two values as parameters (for example through an ADODB.Command
// object) removes that dependency altogether.
// NOTE(review): the submitted password is compared directly with the stored
// column, which suggests passwords are kept unhashed - confirm against schema.
var sql = "select * from users where username = '" + username + "' and password = '" + password + "'";
// cn is not defined in this snippet; presumably an already-open ADODB
// connection - confirm against the rest of the page.
rso.open( sql, cn );
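/**
 * Double every single quote in `str` so the value can be placed inside a
 * single-quoted SQL string literal.
 *
 * Scope of the protection: it only holds for the string returned here, at the
 * moment it is concatenated into a statement. The database stores the value
 * with its original single quotes, so a value that is later read back and
 * concatenated into another statement must be bound as a parameter or escaped
 * again at that point.
 *
 * Declaring a function with this name replaces the built-in global escape()
 * for the rest of the page.
 *
 * @param {*} str Value to escape; it is coerced to a string first.
 * @returns {string} The input with each ' replaced by ''.
 */
function escape(str)
{
    // String(...) coerces any input to a primitive string. The previous
    // `new string(str)` referred to an undefined lowercase identifier and
    // failed at run time.
    var s = String(str);
    // The "g" flag is what makes replace() act on every quote rather than
    // only on the first one.
    var re = new RegExp("'", "g");
    return s.replace(re, "''");
}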
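/**
 * Counter-example kept for comparison with escape(): doubles only the FIRST
 * single quote in `str`.
 *
 * Because replace() is given a plain string pattern instead of a global
 * regular expression, it stops after the first match and every later quote
 * passes through unchanged. The result is therefore not safe to concatenate
 * into a SQL string literal; do not use this function to build queries.
 *
 * @param {*} str Value to process; it is coerced to a string first.
 * @returns {string} The input with only its first ' replaced by ''.
 */
function badescape(str)
{
    // String(...) replaces the previous `new string(str)`, which referred to
    // an undefined lowercase identifier and failed at run time.
    var s = String(str);
    // Deliberately left as a string pattern: the single replacement is the
    // flaw this function exists to illustrate.
    return s.replace("'", "''");
}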
// Password-change handler (classic ASP, JScript). All three form fields are
// passed through escape() before use.
// NOTE(review): the three names are assigned without `var`, so they are
// implicit globals for the page.
username = escape(Request.form("username"));
oldpassword = escape(Request.form("oldpassword"));
newpassword = escape(Request.form("newpassword"));
var rso = Server.CreateObject("ADODB.Recordset");
// Look the account up by user name and current password. The statement is
// built by concatenation and relies on escape() for quoting.
var sql = "select * from users where username='" + username + "' and password = '" + oldpassword + "'";
rso.open(sql, cn);
// rso.EOF is true when the lookup returned no row.
if (rso.EOF)
{
// The body of this branch is elided in the listing.
...
// NOTE(review): newpassword went through escape(), but rso("username") is read
// back from the recordset and concatenated as-is. The database holds the name
// with its original single quotes, so a stored name containing a quote
// (the page's example is admin'--) reaches this statement unescaped and
// changes what the UPDATE matches. Data read from the database has to be
// treated like any other input: bind every value as a parameter (for example
// through an ADODB.Command object) instead of concatenating it.
sql = "update users set password = '" + newpassword + "' where username = '" + rso("username") + "'";
update users set password = 'password' where username = 'admin'--'