从用户那里获得2个日期,它的工作原理除外:如果两个日期都在2017年,则显示错误消息时显然不应该显示。
我手动将2016年改为2017年以查看它是否有所作为,但没有(使用Replace)。
以下是验证码:
todays_date = Date()
todays_date = Replace(todays_date, "/", "-")
If m_date_01 < todays_date Or m_date_02 < todays_date Then
m_valid = False
m_message = m_message & "<li>dates cannot be in the past</li>"
End If
response.write(todays_date)
response.write(m_date_01)
response.write(m_date_02)
答案 0 :(得分:5)
请勿使用USE [TestSecurity2016b]
GO
/****** Object: Table [dbo].[OrderDetails] Script Date: 2017-01-02 09:14:49 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[Orders]
(
[ID] [int] NOT NULL,
[SalesRep] [sysname] NOT NULL,
) ON [PRIMARY]
CREATE TABLE [dbo].[OrderShipments]
(
[ID] [int] NOT NULL,
[FK_OrderID] [int] NOT NULL,
[TrackingNumber] [varchar](25) NULL,
[ShippedOn] [Date] NULL,
) ON [PRIMARY]
CREATE TABLE [dbo].[OrderShipmentItems]
(
[ID] [int] NOT NULL,
[FK_OrderShipmentID] [int] NOT NULL,
[Product] [varchar](25) NOT NULL,
[Quantity] [int] NOT NULL,
) ON [PRIMARY]
GO
insert dbo.Orders values
(1, 'SalesRep1'),
(2, 'SalesRep2');
insert dbo.[OrderShipments] values
(1, 1, '1234', '2016-12-25'),
(2, 1, '4321', '2016-12-26'),
(3, 2, '5678', '2017-01-01');
insert dbo.[OrderShipmentItems] values
(1, 1, 'Benq w1070', 1),
(2, 1, '#8 Stainless bolts', 4),
(3, 2, 'HP x360 Laptop', 1),
(4, 3, 'Nintendo NES', 1),
(5, 3, 'Intellivision', 1),
(6, 3, 'Coleco', 1);
GO
create user Manager without login;
create user SalesRep1 without login;
create user SalesRep2 without login;
GO
grant select on dbo.Orders to Manager;
grant select on dbo.[OrderShipments] to Manager;
grant select on dbo.[OrderShipmentItems] to Manager;
grant select on dbo.Orders to SalesRep1;
grant select on dbo.[OrderShipments] to SalesRep1;
grant select on dbo.[OrderShipmentItems] to SalesRep1;
grant select on dbo.Orders to SalesRep2;
grant select on dbo.[OrderShipments] to SalesRep2;
grant select on dbo.[OrderShipmentItems] to SalesRep2;
GO
create function dbo.fn_orderfilter_predicate(@SalesRep as sysname)
returns table
with schemabinding
as
return select 1 as result
where @SalesRep = user_name() or user_name() = 'Manager';
GO
create function dbo.fn_ordershipmentsfilter_predicate(@FK_OrderID as int)
returns table
with schemabinding
as
return select 1 as result
where @FK_OrderID in (select ID as OrdersID from dbo.Orders where SalesRep = user_name() or user_name() = 'Manager')
GO
create function dbo.fn_ordershipmentitemsfilter_predicate(@FK_OrderShipmentID as int)
returns table
with schemabinding
as
return select 1 as result
where @FK_OrderShipmentID in
(
SELECT OrderShipments.ID AS OrderShipmentID
FROM dbo.Orders INNER JOIN
dbo.OrderShipments ON Orders.ID = OrderShipments.FK_OrderID
WHERE (Orders.SalesRep = USER_NAME() OR USER_NAME() = 'Manager')
AND (OrderShipments.ID = @FK_OrderShipmentID)
)
GO
create security policy OrdersFilter
add filter predicate dbo.fn_orderfilter_predicate(SalesRep)
on dbo.Orders
with (state = on);
GO
create security policy OrderShipmentsFilter
add filter predicate dbo.fn_ordershipmentsfilter_predicate(FK_OrderID)
on dbo.OrderShipments
with (state = on);
GO
create security policy OrderShipmentItemsFilter
add filter predicate dbo.fn_ordershipmentitemsfilter_predicate(FK_OrderShipmentID)
on dbo.OrderShipmentItems
with (state = on);
GO
execute as user = 'SalesRep1';
select * from dbo.Orders;
select * from dbo.OrderShipments;
select * from dbo.OrderShipmentItems;
revert;
GO
execute as user = 'SalesRep2';
select * from dbo.Orders;
select * from dbo.OrderShipments;
select * from dbo.OrderShipmentItems;
revert;
GO
execute as user = 'Manager';
select * from dbo.Orders;
select * from dbo.OrderShipments;
select * from dbo.OrderShipmentItems;
revert;
GO
和<来比较日期。有时它会起作用,但通常不会。更糟糕的是,它可能看起来像是在工作,因为它没有给出错误,但结果将是错误的。在您的情况下,您几乎肯定会得到错误的结果,因为您所谓的日期实际上是字符串,字符串比较与日期比较完全不同。 (例如,如果您排序&#34; 9-15-2016&#34;,&#34; 1-15-2017&#34;和&#34; 12-15-2016&#34; as字符串,你将获得1月,然后是12月,然后是9月。)
相反,请使用>确保您确实使用有效日期 1 ,然后使用IsDate()确定以后的日期。如果DateDiff("d", date1, date2)比date1更大(稍后发生),则结果将小于0.(您可以使用您想要的任何时间间隔,但是date2用于&#34;天数& #34;可能是最有用的。)
1 如果您正在处理用户输入,这一点尤其重要:即使我们忽略了恶意企图的问题,人们也会,感兴趣