填空题
[说明]
某留言系统采用ASP+Access开发,其后台管理登录页面如图所示。
某留言系统采用ASP+Access开发,其后台管理登录页面如图所示。
填空题
[问题1]
以下是该后台管理登录页面login.asp的部分代码,请仔细阅读该段代码,根据上图将横线处的空缺代码补齐。
<! -- # include file= "conn . asp" - >
<! -- # include file= "md5 . asp"-->
<! -- # include file=",bbb.asp"-->
<%
If request . Form("submit") = "管理登陆" Then
User name= request. Form (" 1")
Password = request.Form(" 2")
Verifycode = request.Form(" 3")
If user name = " " Then
Call infoback("用户名不能为空!")
End If
……
Set 4= server.CreateObj ect ("adodb . recordset")
Sq1 = "select * from administrator 5 user name = " "&user_nam"amehe&" "
And password= " "&md5 (password) &"""
rs. Open 6, conn, 1,1
If 7 rs. EOF Then
Session ("user name") = user name
response . redirect"information . asp"
Else
Call infoback("用户名或密码错误!" )
End If
End If
%>
<html>
……
<body>
<form method = "post " action = " login * asp " id = "login ">
<hl>管理员登陆</hl>
<label for = "user name">用户名:
Input name = "user name" type = "text" class = "user name"id = "uname"
Size= "2 5 " />
</label>
<label for = "password">密码:
<input name = "password" type = "password" id = "pword"size = "25"/>
</label>
<label for = "verifycode">验证码:
<input name = "verifycode" type = "text" class = "verifycode"id = ""vcode"
Size = "10 " maxlength= "4" />
<img src = "code . asp " onclick = " j avascript : this . src = "code . asp? tm= " +
Math. Random() style = " cursor : pointer"alt = "单击更换"title = "单击更换"/>
</label>
<p class = "center">
<input name= "reset" type = " 8,"class = "submit"value = "清除数据"/>
<input type = " 9" name = "submit "class = "submit " vahlue = "管理登陆"/>
</p>
</form>
</body>
</html>
A.pword B.where C.uname D.vcode E.reset
F.submit G.rs H.sql I.Not
以下是该后台管理登录页面login.asp的部分代码,请仔细阅读该段代码,根据上图将横线处的空缺代码补齐。
<! -- # include file= "conn . asp" - >
<! -- # include file= "md5 . asp"-->
<! -- # include file=",bbb.asp"-->
<%
If request . Form("submit") = "管理登陆" Then
User name= request. Form (" 1")
Password = request.Form(" 2")
Verifycode = request.Form(" 3")
If user name = " " Then
Call infoback("用户名不能为空!")
End If
……
Set 4= server.CreateObj ect ("adodb . recordset")
Sq1 = "select * from administrator 5 user name = " "&user_nam"amehe&" "
And password= " "&md5 (password) &"""
rs. Open 6, conn, 1,1
If 7 rs. EOF Then
Session ("user name") = user name
response . redirect"information . asp"
Else
Call infoback("用户名或密码错误!" )
End If
End If
%>
<html>
……
<body>
<form method = "post " action = " login * asp " id = "login ">
<hl>管理员登陆</hl>
<label for = "user name">用户名:
Input name = "user name" type = "text" class = "user name"id = "uname"
Size= "2 5 " />
</label>
<label for = "password">密码:
<input name = "password" type = "password" id = "pword"size = "25"/>
</label>
<label for = "verifycode">验证码:
<input name = "verifycode" type = "text" class = "verifycode"id = ""vcode"
Size = "10 " maxlength= "4" />
<img src = "code . asp " onclick = " j avascript : this . src = "code . asp? tm= " +
Math. Random() style = " cursor : pointer"alt = "单击更换"title = "单击更换"/>
</label>
<p class = "center">
<input name= "reset" type = " 8,"class = "submit"value = "清除数据"/>
<input type = " 9" name = "submit "class = "submit " vahlue = "管理登陆"/>
</p>
</form>
</body>
</html>
A.pword B.where C.uname D.vcode E.reset
F.submit G.rs H.sql I.Not
填空题
[问题2]
1.在登录页面login.Asp中通过<! -- # include file="bbb.asp"-->导入了bbb.Asp的代码,以下是bbb.asp的部分代码,请仔细阅读该段代码,将空缺代码补齐。
<%
Dim GetFlag Rem(提交方式)
Dim ErrorSq1 Rem(非法字符)
Dim RequestKey Rem(提交数据)
Dim For1 Rem(循环标记)
ErrorSq1 = ¨"~;~and~(~)~)-exec~update-.count~ * ~ % ~chr~mid~master~truncate~char~declare"Rem(每个敏感字符或者词语请使用半角”~”格开)
ErrorSq1 = Split(ErrorSq1,"~")
If Request.ServerVariables("REQUEST METHOD") ="GET" Then
GetFlag = True
Else
GetFlag = False
End If
If GetFlag Then
For Each RequestKey In Request.QueryString
For Forl = 0 To UBound(ErrorSql)
If InStr (LCase (Request.QueryString (RequestKey), ErrorSql
(Forl)<>0 Then
Response.Write"<script>alert(" "警告,:\n请不要使用特殊字符\n
比如英文的单引号" ");history.go (-1);</script>"
Response. 1
2
Next
3
4
For Each RequestKey In Request.Form
For Forl = 0 To UBound(ErrorSql)
……
%>
A.Else B.Endlf C.End D.Next
2.根据上述代码可以判断,登录页面login.Asp导入bbb.Asp的代码的目的是 5。
1.在登录页面login.Asp中通过<! -- # include file="bbb.asp"-->导入了bbb.Asp的代码,以下是bbb.asp的部分代码,请仔细阅读该段代码,将空缺代码补齐。
<%
Dim GetFlag Rem(提交方式)
Dim ErrorSq1 Rem(非法字符)
Dim RequestKey Rem(提交数据)
Dim For1 Rem(循环标记)
ErrorSq1 = ¨"~;~and~(~)~)-exec~update-.count~ * ~ % ~chr~mid~master~truncate~char~declare"Rem(每个敏感字符或者词语请使用半角”~”格开)
ErrorSq1 = Split(ErrorSq1,"~")
If Request.ServerVariables("REQUEST METHOD") ="GET" Then
GetFlag = True
Else
GetFlag = False
End If
If GetFlag Then
For Each RequestKey In Request.QueryString
For Forl = 0 To UBound(ErrorSql)
If InStr (LCase (Request.QueryString (RequestKey), ErrorSql
(Forl)<>0 Then
Response.Write"<script>alert(" "警告,:\n请不要使用特殊字符\n
比如英文的单引号" ");history.go (-1);</script>"
Response. 1
2
Next
3
4
For Each RequestKey In Request.Form
For Forl = 0 To UBound(ErrorSql)
……
%>
A.Else B.Endlf C.End D.Next
2.根据上述代码可以判断,登录页面login.Asp导入bbb.Asp的代码的目的是 5。