请查看两个连接字符串,One to Access数据库,另一个连接到SQL Server数据库。
在我们最近更换托管公司并转移到godaddy.com之前,与Access数据库的连接运行良好
他们为我们提供了SQL Server数据库的连接字符串。
从那时起,我们无法成功连接到SQL Server。我们一直收到500(内部错误)。
我尝试联系他们,他们一直告诉我们没有其他人遇到同样的问题,我觉得很难相信。
你能看看你能找到我可能遗失的任何东西吗?
非常感谢大家。
''# Access DB Connection String
<%
Dim objConn, objRS
''# Set objConn = Server.CreateObject("ADODB.Connection")
''# objConn.Open "DSN=ship"
Set objConn=Server.CreateObject("ADODB.Connection")
objConn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;" & _
"DATA SOURCE=" & server.mappath("admin\scart.mdb")
Set objRS = objConn.Execute("SELECT * FROM logins WHERE Username = '" & Request.Form("txtUsername") & "' AND password = '" & Request.Form("TxtPassword") & "' ")
If Not objRS.EOF Then
If objRS(1) = Request.Form("txtPassword") Then
Session.Contents("access_level") = objRS(2)
Session.Contents("ID") = objRS(3) ''#ID column
Session("username") = objRS("USERNAME")
Session("password") = objRS("password")
Response.Redirect "setup.asp"
Else
Response.Write "Sorry, but the password that you entered is incorrect. <a href='setup.asp'>Try again</a>"
End If
Else
Response.Write "Sorry, but the username that you entered does not exist. <a href='setup.asp'>Try again</a>"
End If
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>
<%
''# SQL Server connection string
Dim objConn, objRS
Dim qry, connectstr
Dim db_name, db_username, db_userpassword
Dim db_server
db_server = "MyServer name"
db_name = "nyDBName"
db_username = "MyUsername"
db_userpassword = "MyPassword"
connectstr = "Driver={SQL Server};SERVER=" & db_server & ";DATABASE=" & db_name & ";UID=" & db_username & ";PWD=" & db_userpassword
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open connectstr
SQL = "SELECT * FROM logins WHERE Username = '" & Request.Form("txtUsername") & "' AND password = '" & Request.Form("TxtPassword") & "' "
response.write sql
response.end
Set objRS = objConn.Execute(SQL)
If Not objRS.EOF Then
If objRS(1) = Request.Form("txtPassword") Then
Session.Contents("access_level") = objRS(2)
Session.Contents("ID") = objRS(3) ''# ID column
Session("username") = objRS("USERNAME")
Session("password") = objRS("password")
Response.Redirect "setup.asp"
Else
Response.Write "Sorry, but the password that you entered is incorrect. <a href='setup.asp'>Try again</a>"
End If
Else
Response.Write "Sorry, but the username that you entered does not exist. <a href='setup.asp'>Try again</a>"
End If
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>
答案 0 :(得分:0)
从您的问题来看,您是否要连接到access / mdb或sqlserver并不是很清楚。
但无论如何,以下两篇文章中的一篇将涵盖你。
http://support.godaddy.com/help/article/259
http://support.godaddy.com/help/256/connecting-to-a-microsoft-sql-server-database-using-aspado
但是,因为在您与我们共享的代码段中,userinput(Request.Form(“txtUsername”)直接放入SQL语句而没有任何清理,这只是几天您的数据库可能需要大量的SQL注入。
从这个角度来看,我可以说你很幸运,你无法连接。
首先,清理您的用户输入。消毒是一个很大的主题。 但请尝试将其作为直接解决方案。
dim txtUsername,txtPassword
txtUsername = Request.Form("txtUsername")
txtPassword = Request.Form("txtPassword")
'sanitize
txtPassword = replace(txtPassword,"'","''",1,-1,1)
txtUsername = replace(txtUsername,"'","''",1,-1,1)
Set objRS = objConn.Execute("SELECT * FROM logins WHERE Username = '" & txtUsername & "' AND password = '" & TxtPassword & "' ")
如上所述修复代码后,只有这样,您应该担心修复原始连接问题。所以,关于SQL注入的问题,当你在它的时候,也阅读XSS(跨站点脚本)
确保你公司的每个编码员都阅读它并理解这两件事是什么。你会很高兴的。或者你们迟早会陷入悲惨的状态。
祝你好运......