string sql="select * from 用户资料库 where user'"+用户名+"' and password='"+密码+"";
this.oleDbConnection1.Open();
System.Data.OleDb.OleDbCommand command=new OleDbCommand(sql,this.oleDbConnection1);OleDbDataReader dataReader=command.ExecuteReader();
if (dataReader.Read)
{
验证通过
}
else
{
验证失败
}
this.oleDbConnection1.Open();
System.Data.OleDb.OleDbCommand command=new OleDbCommand(sql,this.oleDbConnection1);OleDbDataReader dataReader=command.ExecuteReader();
if (dataReader.Read)
{
验证通过
}
else
{
验证失败
}
应该是
if (dataReader.Read())
刚打错了
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>WebForm1</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio 7.0">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="WebForm1" method="post" runat="server">
<TABLE id="Table1" style="Z-INDEX: 103; LEFT: 140px; POSITION: absolute; TOP: 182px" cellSpacing="1" cellPadding="1" width="300" border="1">
<TR>
<TD>
<asp:Label id="Label1" runat="server">帐号:</asp:Label></TD>
<TD>
<asp:TextBox id="txtUserID" runat="server"></asp:TextBox></TD>
</TR>
<TR>
<TD>
<asp:Label id="Label2" runat="server">密码:</asp:Label></TD>
<TD>
<asp:TextBox id="txtUserPswd" runat="server" TextMode="Password"></asp:TextBox></TD>
</TR>
<TR>
<TD>
<asp:Button id="Button1" runat="server" Text="登陆"></asp:Button></TD>
<TD>
<INPUT type="reset" value="复位"></TD>
</TR>
</TABLE>
</form>
</body>
</HTML>
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;namespace GEO
{
/// <summary>
/// WebForm1 的摘要说明。
/// </summary>
public class WebForm1 : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.Button Button1;
protected System.Web.UI.WebControls.TextBox txtUserID;
protected System.Web.UI.WebControls.TextBox txtUserPswd;
protected System.Web.UI.WebControls.Label Label2;
private void Page_Load(object sender, System.EventArgs e)
{
// 在此处放置用户代码以初始化页面
} #region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN:该调用是 ASP.NET Web 窗体设计器所必需的。
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
this.Button1.Click += new System.EventHandler(this.Button1_Click);
this.Load += new System.EventHandler(this.Page_Load); }
#endregion private void Button1_Click(object sender, System.EventArgs e)
{
string strUserID=this.txtUserID.Text.Trim();
string strUserPswd=this.txtUserPswd.Text.Trim();
SqlConnection sqlConn=new SqlConnection("你的连接字符串");
SqlCommand sqlComm=new SqlCommand("select count(*) rsCount from UserTable where UserID='"+strUserID+"' And UserPswd='"+strUserPswd+"'",sqlConn);
sqlConn.Open();
int intCount=(int)sqlComm.ExecuteScalar();
sqlConn.Close();
sqlComm.Dispose();
if(intCount==0)
{
Response.Write("<script language=javascript>alert('帐号("+strUserID.Replace("'",@"\'")+@")不存在或密码错误!");</script>");
}
else
{
Response.Write(@"<script language=javascript>alert('成功登陆');</script>");
}
}
}
}
比如用户名输入:
abc' or 'a'='a
此时SELECT语句就是:
="select * from 用户资料库 where user'abc' or 'a'='a' and password='sss';
验证就被突破了
把上面的代码:
SqlCommand sqlComm=new SqlCommand("select count(*) rsCount from UserTable where UserID='"+strUserID+"' And UserPswd='"+strUserPswd+"'",sqlConn);
修改为:
SqlCommand sqlComm=new SqlCommand("select count(*) rsCount from UserTable where UserID='"+strUserID.Replace("'","")+"' And UserPswd='"+strUserPswd+"'",sqlConn);
并且在注册用户的时候也自动把这个“'”过滤了,或者修改为其他的字母。