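Adding a string to a variable in classic ASP

Time: 2014-09-09 03:01:24

Tags: string asp-classic character

I am trying to do login validation, and everything seems fine, but when I add the special-character string to another variable, it causes an error.

I am trying to detect whether the user has entered a special character, for example: !, . and so on.

Here is my code: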

<form action="" method="get">

username:<input type="text" name="user"/><br>
password:<input type="password" name="pass"/><br>

<input type="submit" value="Login">

</form>
<%

dim user,pass, spchar, getspchar

user=request.querystring("user")
pass=request.querystring("pass")
spchar = "!"

getspchar = spchar

if user = "" then
response.write("Please provide your first name")

elseif pass = "" then
response.write("Please provide your password")

elseif user = spchar or pass = spchar  then
response.write(getspchar &" Special character not allowed")

elseif user <> "admin" or pass <> "admin" then
response.write("Invalid Username or Password")  

else
response.write("welcome")

end if

%>

1 answer:

Answer 0: (score: 1)

What you need to do is check whether your special characters are in a list. Perhaps something like the following...

<%
Dim user, pass, specchars
user = Request.QueryString("user")
pass = Request.QueryString("pass")
'Put all your special characters in the following list...
specchars = "!£$%^"


If IsValid(user, specchars) And IsValid(pass, specchars) Then
    Response.Write("Username and password are fine! Welcome!")
Else
    Response.Write("Bad username or password.")
End if


'The reason I've given two arguments here is so that you can have different
'restricted characters for both the username and password...
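Function IsValid(phrase, special)
    Dim c
    'Assume the phrase is valid until a restricted character is found
    IsValid = True
    'Loop over the list passed in, not the global variable
    For c = 1 To Len(special)
        If InStr(phrase, Mid(special, c, 1)) > 0 Then
            'Stop at the first hit so a later character cannot overwrite the result
            IsValid = False
            Exit For
        End If
    Next
End Function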
%>

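Also, here you are visibly showing your username and password in the query string, which is tagged onto the end of your URL (something like www.example.com/default.asp?user=admin&pass=G0d); this is not a good idea. At the very least, try using POST in your form rather than GET. If you do that, you will have to look at using Request.Form("controlname") instead... and that is only scratching the surface.

Please bear in mind that this is a very basic piece of code, and I would not recommend using any structure like it to guarantee your internet security. You will need to look into Secure Sockets Layer (SSL) and similar encryption.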
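
Added example (not part of the original question or answer): an allow-list variant of the check that reads the fields with Request.Form after a POST and reports which characters were rejected. The function name DisallowedChars, the permitted character set, and the choice to check only the username are assumptions made for illustration; the form is assumed to use method="post" with the same field names.

```asp
<%
' Added example. Assumes the form uses method="post" and the
' field names "user" and "pass" from the question.

' Returns each distinct character of phrase that is outside the
' allow-list (letters, digits, underscore, dot, hyphen).
' An empty return value means nothing was rejected.
Function DisallowedChars(phrase)
    Dim re, m, found
    Set re = New RegExp
    re.Pattern = "[^A-Za-z0-9_.-]"   ' assumed allow-list, adjust to policy
    re.Global = True
    found = ""
    For Each m In re.Execute(phrase)
        If InStr(found, m.Value) = 0 Then found = found & m.Value
    Next
    DisallowedChars = found
End Function

Dim user, pass, bad
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    ' Request.Form keeps the credentials out of the URL and query string
    user = Request.Form("user")
    pass = Request.Form("pass")
    bad = DisallowedChars(user)

    If user = "" Then
        Response.Write "Please provide your username"
    ElseIf pass = "" Then
        Response.Write "Please provide your password"
    ElseIf bad <> "" Then
        ' The rejected characters came from the client, so encode them
        ' before writing them back into the page
        Response.Write Server.HTMLEncode(bad) & " Special character not allowed"
    Else
        ' The credential check itself would go here
        Response.Write "Input accepted"
    End If
End If
%>
```

An allow-list rejects anything not explicitly permitted, so characters missing from a deny-list such as "!£$%^" cannot slip through.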