标题:有用户名id均为NULL是为什么,求教大侠
aaa9451
有用户名id均为NULL是为什么,求教大侠
全部代码如下。今日发现几个数据库中都有 id 和密码为 NULL 的用户记录,密码是 md5 加密的。不清楚怎样才能不让这种用户注册,是否是注入攻击、被黑了?请高人指点,小生新手。


<%
' Checkstr: removes a fixed deny-list of characters and keywords from Str and
' returns what is left. A Null argument yields "".
'
' Str is reassigned at every step. VBScript passes arguments ByRef unless told
' otherwise, so a variable handed in by the caller is modified as well.
'
' NOTE(review): this is a single-pass deny-list. Deleting a keyword can join the
' text on either side of it into a new keyword, and ordinary words lose letters
' ("middle" comes back as "dle"). The result is therefore not safe to
' concatenate into SQL or HTML; callers that build SQL from it should move to a
' parameterised ADODB.Command together with allow-list validation of the field.
Function Checkstr(Str)
    Dim tagName, quoteMark, sqlWord

    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If

    ' NUL bytes and the two marker sequences are removed first.
    Str = Replace(Str, Chr(0), "", 1, -1, vbTextCompare)
    Str = Replace(Str, "<?", "", 1, -1, vbTextCompare)
    Str = Replace(Str, ">?", "", 1, -1, vbTextCompare)

    ' Each tag name is removed in three literal casings (case-sensitive passes)
    ' and then once more ignoring case. The four passes are kept in this order
    ' because an earlier removal can expose a new match for a later one.
    For Each tagName In Array("script", "object", "applet")
        Str = Replace(Str, tagName, "", 1, -1, vbBinaryCompare)
        Str = Replace(Str, UCase(tagName), "", 1, -1, vbBinaryCompare)
        Str = Replace(Str, UCase(Left(tagName, 1)) & Mid(tagName, 2), "", 1, -1, vbBinaryCompare)
        Str = Replace(Str, tagName, "", 1, -1, vbTextCompare)
    Next

    ' Square brackets use Replace's default (binary) comparison.
    Str = Replace(Str, "[", "")
    Str = Replace(Str, "]", "")

    ' Double quote, equals sign, single quote.
    For Each quoteMark In Array("""", "=", "'")
        Str = Replace(Str, quoteMark, "", 1, -1, vbTextCompare)
    Next

    ' SQL keywords, case-insensitive. Order is significant: "execute" precedes
    ' "exec" and "nchar" precedes "char".
    For Each sqlWord In Array("select", "execute", "exec", "join", "union", _
                              "where", "insert", "delete", "update", "like", _
                              "drop", "create", "rename", "count", "chr", _
                              "mid", "truncate", "nchar", "char", "alter", _
                              "cast", "exists")
        Str = Replace(Str, sqlWord, "", 1, -1, vbTextCompare)
    Next

    ' Carriage returns become the literal marker below; the final replacement
    ' doubles the last special character and produces the return value.
    Str = Replace(Str, Chr(13), "<?br>;", 1, -1, vbTextCompare)
    CheckStr = Replace(Str, "ˇ", "ˇˇ", 1, -1, vbTextCompare)
End Function
%>

<%
' UnSql: input filter intended for values that end up in SQL text.
'   UnSql_Words - the incoming variable or string
'   UnSql_Class - 1 = numeric value; any other value takes the string branch
'                 (the original note documents 2 for strings)
'
' Numeric branch: if IsNumeric rejects the value, an error page is written and
' the response ends; otherwise the value is returned untouched.
' String branch: the characters ' ; = > < are deleted. The deletion is applied
' to UnSql_Words itself, so a variable passed by the caller is changed too
' (VBScript arguments are ByRef by default).
'
' NOTE(review): IsNumeric accepts more than plain digits (signs, exponent
' notation and similar forms), so convert with CLng/CDbl before using the value
' as a number. The string branch is a deny-list; parameterised queries remain
' the dependable defence.
Function UnSql(UnSql_Words, UnSql_Class)
    Dim strippedChar

    If UnSql_Class = 1 Then
        If Not IsNumeric(UnSql_Words) Then
            Response.Write "<title>错误:请勿尝注非法注入</title>"
            Response.Write "<font size=2>偶一直在那痛苦滴边缘徘徊!</font>"
            Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;<font color=#ffffff size=2>[BY 枫知秋,QQ 600251]</font>"
            Response.End()
        End If
    Else
        For Each strippedChar In Array("'", ";", "=", ">", "<")
            UnSql_Words = Replace(UnSql_Words, strippedChar, "")
        Next
    End If

    UnSql = UnSql_Words
End Function
%>
<!--#include file="coss.asp"-->
<!--#include file = "md5.asp"-->
<%
' getIP: returns the client address as a trimmed string of at most 30 characters.
' When the X-Forwarded-For request header is present and does not contain
' "unknown", its first entry (text before the first "," or, failing that, the
' first ";") is used; otherwise REMOTE_ADDR is used.
'
' NOTE(review): X-Forwarded-For is supplied by the sender of the request unless a
' trusted proxy overwrites it, so this value is free text chosen by the client.
' Use REMOTE_ADDR for access decisions and rate limiting, and treat the return
' value as untrusted data (validate it as an address, parameterise or encode it)
' wherever it is logged, stored or displayed.
Private Function getIP()
    Dim forwarded, cutAt, address

    forwarded = Request.ServerVariables("HTTP_X_FORWARDED_FOR")

    If forwarded = "" Or InStr(forwarded, "unknown") > 0 Then
        address = Request.ServerVariables("REMOTE_ADDR")
    Else
        ' A comma takes precedence over a semicolon as the list separator.
        cutAt = InStr(forwarded, ",")
        If cutAt = 0 Then cutAt = InStr(forwarded, ";")

        If cutAt > 0 Then
            address = Left(forwarded, cutAt - 1)
        Else
            address = forwarded
        End If
    End If

    getIP = Trim(Left(address, 30))
End Function
' ChkInvaildWord: returns True when Words contains any token from the deny-list
' below, otherwise False. The input is trimmed and lower-cased first, so the
' match is a case-insensitive substring search.
'
' NOTE(review): tokens are separated by "|" and the list must NOT end with "|".
' A trailing separator would make Split yield an empty token, and InStr reports
' a match for an empty search string on every non-empty input.
' NOTE(review): this only rejects a few substrings. It does not enforce length
' or character-set rules (an empty value passes), so it cannot stand in for
' field validation or for parameterised queries.
Function ChkInvaildWord(Words)
    Const InvaildWords="select|update|delete|insert|union|--|,|'"
    Dim token, haystack

    haystack = LCase(Trim(Words))
    ChkInvaildWord = False

    For Each token In Split(InvaildWords, "|")
        If InStr(haystack, token) > 0 Then
            ChkInvaildWord = True
            Exit For
        End If
    Next
End Function
  if(request("action")="save") then

     id=request("id")
     pwd1=request("passwd")
     pwd2=request("passwd_re")
     an1=request("anquanma")
     an2=request("anquanma2")     
     
     if(ChkInvaildWord(id) or ChkInvaildWord(pwd1) or ChkInvaildWord(pwd2) or ChkInvaildWord(an1) or ChkInvaildWord(an2)) then
        Response.write "<SCRIPT language=JavaScript>alert('包含非法字符!');history.go(-1);</SCRIPT>"
        Response.End
     end if
     if pwd1<>pwd2 then
        Response.write "<SCRIPT language=JavaScript>alert('两次密码不一致!');history.go(-1);</SCRIPT>"
        Response.End
     end if

     if an1<>an2 then
        Response.write "<SCRIPT language=JavaScript>alert('两次安全码不一致!');history.go(-1);</SCRIPT>"
        Response.End
     end if     
     
    pwd1 = md5(pwd1)
     Set rs1= Server.CreateObject("ADODB.Recordset")
     SQL="Select * from account_login where name='"&Checkstr(request("username"))&id&"'"
     rs1.open SQL,conn,1,3
     if rs1.eof or rs1.bof then
        rs1.addnew
        rs1("name")=id
        rs1("password")=pwd1
        rs1("anquanma")=an1
        rs1.update
        rs1.close
        Response.write "<SCRIPT language=JavaScript>alert('注册成功!');history.go(-1);</SCRIPT>"
     else
        rs1.close
        Response.write "<SCRIPT language=JavaScript>alert('ID已经被使用,注册失败!');history.go(-1);</SCRIPT>"
        Response.End
     end if
     set rs1=nothing
  end if
  %>

<html>

<head>
<STYLE type=text/css>
BODY {
    FONT-SIZE: 12px; COLOR: #c0c7c6
}
TD {
    FONT-SIZE: 12px; COLOR: #c0c7c6
}
TH {
    FONT-SIZE: 12px; COLOR: #c0c7c6
}
BODY {
    MARGIN: 0px; BACKGROUND-COLOR: #1a2621
}
.style5 {
    COLOR: #ffff00
}
</STYLE>
<LINK href="/image/woool.css" type=text/css rel=stylesheet>
<STYLE type=text/css>
BODY {
    COLOR: #ffffff;
    margin-top: 130px;
    background-image: url(/image/gunz00_renewal.jpg);
}
TD {
    COLOR: #ffffff
}
TH {
    COLOR: #ffffff
}
A:link {
    COLOR: #ffffff
}
A {
    FONT-SIZE: 14px
}
.STYLE6 {color: #000000}
</STYLE>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>注册帐号</title>
</head>
<script language="vbscript">   

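' checkform: pre-submit check for the registration form. Returns False (after
' showing a message and focusing the offending field) when a rule is broken;
' otherwise points the form at reg.asp?action=save and returns True.
'
' Rules: account name non-empty, no \W characters, 4-12 characters; password
' 6-12 characters without spaces; security code 4-12 characters without spaces;
' both confirmation fields equal to their originals.
'
' NOTE(review): this runs only in a browser that executes VBScript, and only
' when the request is sent through this form. It is a convenience for the user,
' not a control: the server must apply the same rules to every request.
function checkform()
   Dim regEx, Match, struserid

   Set regEx = New RegExp

   struserid = Document.form.id.value

    if struserid ="" then
        msgbox("请输入你的帐号!")
        document.form.id.focus()
        checkform=false
        exit function
    end if

    ' Any character outside the \w class makes the account name invalid.
    regEx.Pattern = "\W"
    regEx.IgnoreCase = false
    Set Match = regEx.Execute(struserid)
    if Match.count>0 then
       msgbox("您的帐号不符合规则!")
       document.form.id.focus()
       checkform=false
       exit function
    End if
    set Match = nothing
    if len(struserid) < 4 or len(struserid)>12 then
        msgbox("帐号长度不正确,请输入长度4-12位的帐号!")
        document.form.id.focus()
        checkform=false
        exit function
    end if

    if len(document.form.passwd.value) < 6 or len(document.form.passwd.value) > 12 then
        msgbox("错误的密码长度,请输入长度6-12位的密码!")
        document.form.passwd.focus()
        checkform=false
        exit function
    end if

    if len(document.form.anquanma.value) < 4 or len(document.form.anquanma.value) > 12 then
        msgbox("错误的安全码长度,请输入长度4-12位的安全码!")
        document.form.anquanma.focus()
        checkform=false
        exit function
    end if

    if instr(document.form.passwd.value," ") > 0 then
        msgbox("密码中不能有空格")
        document.form.passwd.focus()
        checkform=false
        exit function
    end if

    if instr(document.form.anquanma.value," ") > 0 then
        msgbox("安全码中不能有空格")
        document.form.anquanma.focus()
        checkform=false
        exit function
    end if

    if (document.form.passwd.value <> document.form.passwd_re.value) then
        msgbox("两次输入的密码不一致!")
        document.form.passwd_re.focus()
        checkform=false
        exit function
    end if

    if (document.form.anquanma.value <> document.form.anquanma2.value) then
        msgbox("两次输入的安全码不一致!")
        document.form.anquanma2.focus()
        checkform=false
        exit function
    end if

    document.form.action="reg.asp?action=save"
    ' VBScript has no "return" statement; a function's result is set by
    ' assigning to its own name. The earlier "return true" raised a runtime
    ' error on the success path instead of returning True.
    checkform = true
end function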
</script>

<body link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF" style="background-color: #FFFFFF">

                        <div align="center">
                          <center>

                        
    <TABLE cellSpacing=0 cellPadding=0 width="81%"
                        bgColor=#006699 border=0 height="310">
<form name='form' method='post' action='' onSubmit="javascript:return checkform();">
      <TR>
          <TD width="28%"
                            height=48 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">   <b><font size="3">账号注册</font></b></span></TD>
          <TD width="72%" bgColor=#FFFFFF height="48" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF">
      <span class="STYLE6"> 版权所有:开心</span></TD>
      </TR>
      <TR bgcolor="#006699">
        <TD width="28%"
                            height=43 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
        <b><span class="STYLE6">*帐号:</span></b></TD>
        <TD width="72%" height="43" bgcolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"><span class="STYLE6">
          <input type="text" name="id" maxlength="12" size="12">
          &nbsp;&nbsp;&nbsp; 字符或数字组成,不区分大小写,长度4~12位</span></TD>
      </TR>
      <TR bgcolor="#006699">
        <TD
                            height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><b><span class="STYLE6">*安全码:</span></b></TD>
        <TD height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
          <input name="anquanma" type="text" id="anquanma" size="12" maxlength="12">
        &nbsp;&nbsp;&nbsp; 长度4~12位,找回密码用,不要和密码一致,为了防止有人骗取玩家密码,GM不处理修改密码业务</span></TD>
      </TR>
      <TR bgcolor="#006699">
        <TD
                            height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><b><span class="STYLE6">*确认安全码:</span></b></TD>
        <TD height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
          <input name="anquanma2" type="text" id="anquanma2" size="12" maxlength="12">
          &nbsp;&nbsp;&nbsp; 长度4~12位,找回密码用,不要和密码一致,为了防止有人骗取玩家密码,GM不处理修改密码业务</span></TD>
      </TR>
      <TR bgcolor="#006699">
        <TD width="28%"
                            height=34 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
        <b><span class="STYLE6">*密码:</span></b></TD>
        <TD width="72%" height="34" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><span class="STYLE6">
          <input type="password" name="passwd" maxlength="12" size="12">
          &nbsp;&nbsp;&nbsp; 字符、数字或特殊字符组成,区分大小写,长度6~12位</span></TD>
      </TR>
      <TR bgcolor="#006699">
        <TD width="28%"
                            height=50 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
        <b><span class="STYLE6">*确认密码:</span></b></TD>
        <TD width="72%" height="50" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF"><font color="#CC33FF">
          <input type="password" name="passwd_re" maxlength="12" size="12">
          &nbsp;&nbsp;&nbsp; </font><font color="#99CC00">&nbsp;</font><span class="STYLE6">字符、数字或特殊字符组成,区分大小写,长度6~12位</span></TD>
      </TR>
      <TR>
        <TD width="28%"
                            height=67 bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" bgcolor="#FFFFFF">
        <p> </p></TD>
        <TD width="72%" bgColor=#FFFFFF height="67" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"> <p align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            <input type="submit" value="现在注册" name="B1">
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
      </TR>
    </form>
    </TABLE>

                          </center>
</div>

</body>

</html>
2010-08-07 11:05
hams
对输入的内容进行过滤或规则验证。

2010-08-07 12:08