2=客户端脚本限制,如上
3=ASP检测,
' Server-side length check: the value is measured on the server after it
' arrives, so the limit still holds when client-side limits (maxlength
' attributes, script checks) are bypassed or the request is hand-crafted.
' MaxLen is not defined in this snippet and must be set by the page.
some = Request("some")
If Len(some) <= MaxLen Then
    'Ok, do something
Else
    'Error
End If
VB, Delphi, ASP, PHP, JSP, .NET MS SQL, My SQL, Oracle Diablo, StarCraft, WarCraft, World of Warcraft
谢谢楼上的!可是加在下面代码中出错! 大家在帮忙看一下! <!-- #Include File=Conn.asp --> <!-- #Include File=setup.asp --> <% dim username,password,password2,company,address,tel,fax,code,email,flag,sql,addsql,tempinfo
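' Member registration handler: validates the submitted form, rejects
' duplicate user names, then stores the new member record.
'
' Changes from the posted version:
'   * every SQL statement is parameterized (ADODB.Command with ? placeholders)
'     instead of being built by string concatenation; previously only
'     Username and Password were filtered for quotes, while Company, Address,
'     Tel, Fax, Code, Email and flag went into the INSERT unfiltered;
'   * the password character check compared an undefined variable (upass)
'     against "&", so "&" was never rejected; it now tests the right variable;
'   * the INSERT into info had an unbalanced quote around flag, which made the
'     statement invalid SQL; binding flag as a parameter removes the quoting.
'
' NOTE(review): conn is presumably opened by Conn.asp and homepage set by
' setup.asp; neither file is visible here - confirm.
' NOTE(review): ? placeholders assume an OLE DB provider that accepts
' positional parameters (Jet/Access and SQL Server do) - confirm the provider.
' NOTE(review): the password is stored exactly as submitted. Storing a salted,
' slow password hash instead needs a matching change in the login page, so it
' is flagged here rather than changed.
' NOTE(review): no maximum length is enforced on any field; column widths are
' not visible here. Add Len() limits that match the table definitions.

' Returns True when text contains one of the characters this site rejects.
Function HasIllegalChar(ByVal text)
    Dim pos, ch
    HasIllegalChar = False
    For pos = 1 To Len(text)
        ch = Mid(text, pos, 1)
        If ch = "'" Or ch = "%" Or ch = "<" Or ch = ">" Or ch = "&" Or ch = "|" Then
            HasIllegalChar = True
            Exit Function
        End If
    Next
End Function

' Shows a JavaScript alert, sends the browser back to the form and stops the
' page. message must be a fixed literal: it is written into a script string
' without escaping.
Sub RejectWithAlert(ByVal message)
    Response.Write "<script language=JavaScript>" & Chr(13) & "alert('" & message & "');" & "history.back()" & "</script>"
    Response.End
End Sub

' Builds an ADODB.Command for sqlText and binds each entry of values, in
' order, to the ? placeholders as an input text parameter.
Function BuildCommand(ByVal sqlText, ByVal values)
    Dim cmd, idx, textValue
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1 ' adCmdText
    cmd.CommandText = sqlText
    For idx = 0 To UBound(values)
        textValue = CStr(values(idx))
        ' 202 = adVarWChar, 1 = adParamInput. The size must be at least 1;
        ' every bound value has already been checked to be non-empty.
        cmd.Parameters.Append cmd.CreateParameter("p" & idx, 202, 1, Len(textValue), textValue)
    Next
    Set BuildCommand = cmd
End Function

' Returns True when tableName already holds a row for this user name.
' tableName is only ever passed as a literal from this page, never request data.
Function UsernameExists(ByVal tableName, ByVal name)
    Dim lookupCmd, found
    Set lookupCmd = BuildCommand("Select * From " & tableName & " Where 用户名 = ?", Array(name))
    Set found = lookupCmd.Execute
    UsernameExists = Not found.EOF
    found.Close
End Function

' Inserts one member row into tableName. fieldValues holds, in column order:
' user name, password, company, address, phone, fax, postcode, e-mail, flag.
' NOTE(review): flag is bound as text, as the tempinfo branch of the original
' quoted it; confirm the column type in both tables.
Sub InsertMember(ByVal tableName, ByVal fieldValues)
    Dim insertCmd
    Set insertCmd = BuildCommand("insert into " & tableName & " (用户名,密码,公司名称,公司地址,电话,传真,邮编,电子邮件,日期,flag) values (?, ?, ?, ?, ?, ?, ?, ?, now, ?)", fieldValues)
    insertCmd.Execute , , 128 ' adExecuteNoRecords
End Sub

' Request("x") searches QueryString, Form, Cookies, ClientCertificate and
' ServerVariables in that order, so these values can arrive by any of them.
Username = Trim(Request("Username"))
Password = Trim(Request("Password"))
Password2 = Trim(Request("Password2"))
Company = Trim(Request("Company"))
Address = Trim(Request("Address"))
Tel = Trim(Request("Tel"))
Fax = Trim(Request("Fax"))
Code = Trim(Request("Code"))
Email = Trim(Request("Email"))
flag = Trim(Request("flag"))

' Character checks run first, as in the original.
If HasIllegalChar(Username) Then RejectWithAlert "您的用户名含有非法字符,请重新输入!"
If HasIllegalChar(Password) Then RejectWithAlert "您的密码含有非法字符,请重新输入!"

' Required fields (fax is optional), a minimal e-mail shape test, and the
' password confirmation.
If Username = "" Or Password = "" Or Password2 = "" Or Company = "" Or Address = "" Or Tel = "" Or Code = "" Or Email = "" Or flag = "" Then
    RejectWithAlert "请检查您填写的内容是否完整!"
ElseIf InStr(Email, "@") = 0 Or Right(Email, 1) = "@" Or Left(Email, 1) = "@" Then
    RejectWithAlert "请检查您的邮件地址是否正确!"
ElseIf Password <> Password2 Then
    RejectWithAlert "两次输入的密码不一到致!"
End If

If Fax = "" Then
    Fax = "无"
End If

' The user name must be free in both the approved and the pending table.
If UsernameExists("info", Username) Then
    RejectWithAlert "此用户名已经有人使用了!"
End If
If UsernameExists("tempinfo", Username) Then
    RejectWithAlert "您已经加入了本站会员数据库,正等待管理员审核!"
End If

' tempinfo is declared on this page but never assigned here; it is presumably
' set by an include. If nothing sets it, the comparison is False and the
' record goes straight into info without review - confirm.
If tempinfo = 1 Then
    InsertMember "tempinfo", Array(Username, Password, Company, Address, Tel, Fax, Code, Email, flag)
    Conn.Close
    Set Conn = Nothing
    Response.Write "<center><br><br><br><br>会员信息提交成功,正等待管理员审核!"
    Response.Write "按"
    Response.Write "<a href="&(homepage)&">"
    Response.Write "这里"
    Response.Write "</a>"
    Response.Write "返回主页。"
Else
    InsertMember "info", Array(Username, Password, Company, Address, Tel, Fax, Code, Email, flag)
    Conn.Close
    Set Conn = Nothing
    Response.Write "<center><br><br><br><br>恭喜您!您已经成为我们公司的会员了!"
    Response.Write "按"
    Response.Write "<a href='login2.asp'>"
    Response.Write "这里"
    Response.Write "</a>"
    Response.Write "进入会员登录。"
End If
%>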