SQL injection: failing to properly filter escape characters
Example: comm.CommandText = "select UserName from [User] where UserName='" + username.Text + "' and Password='" + pwd.Text + "'";
If username is 1' or 't'='t' or 2='3, the statement becomes where UserName='1' or 't'='t' or 2='3' and ……, so the WHERE clause is true no matter what the password is, and an outsider can operate on the database. For example, username = a';Drop table users;select * from data where name like '% would delete the user table from outside.
Fix: pass the values as parameters.
using System.Data.OleDb; // OleDbCommand / OleDbParameter

// username and pwd are the login form's TextBox controls; their .Text is what the old code concatenated.
// OLE DB binds parameters by position, not by name, so the SQL text uses ? placeholders and the
// parameter array must be in the same order as the placeholders (the names are kept for readability).
comm.CommandText = "select UserName from [User] where UserName=? and Password=?";
OleDbParameter[] paras = { new OleDbParameter("@username", username.Text), new OleDbParameter("@pwd", pwd.Text) };
comm.Parameters.AddRange(paras);
object obj = comm.ExecuteScalar(); // returns the first column of the first row, or null when no row matched
if (obj != null) { Response.Redirect("main.html"); }
else { Response.Write("<script type='text/javascript'>alert('……')</script>"); username.Text = ""; pwd.Text = ""; username.Focus(); }
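The following is an added worked example, not code from the original post: it reproduces the two queries above in Python against an in-memory SQLite database so the difference can be run offline. The User table, the user names and the passwords are constructed sample data; the concatenated query mirrors the vulnerable CommandText and the parameterized one mirrors the fix. With the tautology payload from the text and a wrong password, the concatenated query still returns a user name (login bypassed) while the parameterized query returns nothing, because the driver passes the payload as a literal value rather than as SQL.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the page's [User] table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (UserName TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO User VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],   # constructed rows
    )
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, username: str, pwd: str):
    """Mirrors the vulnerable CommandText: user input is spliced into the SQL text,
    so quotes in the input change the structure of the WHERE clause."""
    sql = ("select UserName from User where UserName='" + username
           + "' and Password='" + pwd + "'")
    row = conn.execute(sql).fetchone()          # like ExecuteScalar: first row
    return row[0] if row else None              # first column, or None


def login_param(conn: sqlite3.Connection, username: str, pwd: str):
    """Mirrors the parameterized fix: the SQL text is fixed, the driver binds the
    values, so the input can never become part of the query's structure."""
    sql = "select UserName from User where UserName=? and Password=?"
    row = conn.execute(sql, (username, pwd)).fetchone()
    return row[0] if row else None


# The tautology payload quoted in the text (spaces written out for readability).
PAYLOAD = "1' or 't'='t' or 2='3"


if __name__ == "__main__":
    db = make_db()
    print(login_param(db, "alice", "s3cret"))   # alice: a normal successful login
    print(login_concat(db, PAYLOAD, "wrong"))   # alice: WHERE is always true, password ignored
    print(login_param(db, PAYLOAD, "wrong"))    # None: payload compared as a literal user name
```

The parameterized version needs no escaping logic of its own: whatever characters the input contains, the database receives one fixed statement plus two values, which is why parameterization is the fix rather than filtering quotes by hand.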