or=or is enough to log in to the site's admin backend? How do I patch it?

Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/05/14 16:36:18
<!--#include file="Conn.asp"-->
<%if Request.QueryString("no")<>"eshop" then%>
<html>
<head>
<title>企业信息后台管理系统</title>
<meta name="Contact" content="mygodbook@sina.com.cn">
<meta name="Copyright" content="Godbook">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="Inc/ManageMent.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style3 {color: #990000}
body {
background-color: #CCCCCC;
}
-->
</style>
</head>
<body>

<FORM ACTION="Login_administrator.asp?no=eshop" METHOD="post">
<p><br>
</p>
<p> </p>
<p><br>
</p>

sql = "select * from Manage_User where UserName='" & name & "' And PassWord='"&encrypt(pwd)&"'"

If Not rs.EOF = True Then

Checking it this way is wrong. You should first select password from Manage_User where UserName='" & name & "'"

and then if pwd=rs("Password") then it is correct.
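
The query suggested above still concatenates name into the SQL string, so a patch also has to bind name as a parameter. The following is an added example, not code from the original question or answer. It assumes that Conn.asp exposes an open ADODB.Connection named conn, that the form fields are called name and pwd, that UserName holds at most 50 characters, and that the Session key is a hypothetical name; encrypt() is the page's own function.

```asp
<%
' Added example: parameterized login check for Login_administrator.asp.
' Assumed names (not from the original page): conn, form fields "name"/"pwd",
' column length 50, Session key "ManageUser".
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

Dim name, pwd, cmd, rs, loginOk
name = Trim(Request.Form("name"))
pwd = Request.Form("pwd")
loginOk = False

' Reject empty or over-long user names before touching the database.
If Len(name) > 0 And Len(name) <= 50 Then
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound as data, so quotes inside name
    ' cannot change the structure of the SQL statement.
    cmd.CommandText = "SELECT PassWord FROM Manage_User WHERE UserName = ?"
    cmd.Parameters.Append cmd.CreateParameter("UserName", adVarChar, adParamInput, 50, name)
    Set rs = cmd.Execute

    If Not rs.EOF Then
        ' Compare in code against the stored value. The original query
        ' stored encrypt(pwd), so the same transformation is applied here.
        If CStr(rs("PassWord").Value & "") = encrypt(pwd) Then loginOk = True
    End If

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End If

If loginOk Then
    Session("ManageUser") = name
Else
    ' Same message for unknown user and wrong password.
    Response.Write "Login failed"
End If
%>
```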