没有选择数据提交后肯定是错误的了,getChkBox没有值最后sql语句变为delete from tb_User where User_id in ()不出错还真见鬼了,而且你数据也不验证下格式,不是找注入吗。。要用正则验证下数据格式getChkBox = request("BoxUser")&"" set rx=new RegExp rx.Global=true rx.Pattern="^\d+(,\d+)?$" if not rx.Test(getChkBox) then response.Write "getChkBox数据格式错误" response.End end if set rx=nothing而且写的js也太庸余,并且ie only [<a style="color:red;cursor:hand;" onclick="Check1(document.Del_User)">删除</a>] function Check1(f) { var cb = f.BoxUser; var checked = false; if (cb.length) { for (var i = 0; i < cb.length; i++) if (cb[i].checked) { checked = true; break; } } else checked = cb.checked; if (!checked) { alert("请选择要删除的项目"); return } f.action = "index1_del_ok.asp"; f.submit(); }
<style type="text/css">
<!--
.style1 {font-size: 9pt}
.样式1 {font-size: 9pt}
-->
</style>
<!--#include file="Conn/conn.asp"-->
<%
getChkBox = request("BoxUser")
getcondition = replace(trim(request("condition")),"'","''")
getkey = replace(trim(request("key")),"'","''")
getpageno = replace(trim(request("pageno")),"'","")
rssql = "delete from tb_User where User_id in ("&getChkBox&")"conn.Execute(rssql)
response.Redirect("index.asp?condition="&getcondition&"&key="&getkey)
%>
以上index1_del_ok.asp页面代码
<!--
.style1 {font-size: 9pt}
.a1 {font-size: 9pt}
-->
</style> <td height="30" align="center" nowrap> <span class="a1"><%=rs("User_Name")%> </span></td>
<td height="30" align="center" nowrap> <span class="a1"><%=rs("User_Sex")%> </span></td>
<td height="30" align="center" nowrap> <span class="a1"><%=rs("only_you")%> </span></td>
<td height="30" align="center" nowrap> <span class="a1"><%=rs("IPAddress")%> </span></td>
<td height="30" align="center" nowrap> <span class="a1"><%=rs("Grade")%> </span></td>
<td height="30" align="center" nowrap><span class="a1"> [修 改] </span></td>全改天了还是不行!!
set rx=new RegExp
rx.Global=true
rx.Pattern="^\d+(,\d+)?$"
if not rx.Test(getChkBox) then
response.Write "getChkBox数据格式错误"
response.End
end if
set rx=nothing而且写的js也太庸余,并且ie only
[<a style="color:red;cursor:hand;" onclick="Check1(document.Del_User)">删除</a>]
function Check1(f) {
var cb = f.BoxUser;
var checked = false;
if (cb.length) {
for (var i = 0; i < cb.length; i++) if (cb[i].checked) { checked = true; break; }
}
else checked = cb.checked;
if (!checked) { alert("请选择要删除的项目"); return }
f.action = "index1_del_ok.asp";
f.submit();
}