SoFunction
Updated on 2025-04-13

Several ASP usage tips

●Boolean data can also be toggled this way:
sharex=true
sharex=not(sharex)
Response.Write sharex
The result is False
This saves a lot of If tests. 15:49 2006-3-29
●Inserting data that contains ' (single quotes):
title=replace(title,"'","''")
' conn is assumed to be an open ADODB.Connection
Set update=conn.execute("insert into netcang(title) Values('"&title&"')")

●Filtering incoming parameters:
Numeric type: use cint() or IsNumeric(); clng() belongs to the same family...
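
The two tips above (single quotes in inserted data, filtering numeric parameters) combined in one added example that is not from the original page: a parameterized ADODB.Command carries the title as data, so no quote doubling is needed, and the id is checked digit by digit before conversion. Assumptions: conn is an already-open ADODB.Connection, and the id column and the ParseId helper are hypothetical names.

```vbscript
<%
' Added example, not from the original page.
' Assumed: conn is an already-open ADODB.Connection; the "id" column and
' the ParseId helper are hypothetical names used for illustration.

Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adExecuteNoRecords = 128

' Returns the value as a Long, or -1 if it is not a plain run of digits.
' IsNumeric alone also accepts "1e3", "&H10" and "1,000", and CLng raises a
' runtime error on overflow, so check digits and length before converting.
Function ParseId(raw)
    Dim re, s
    s = Trim("" & raw)
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"      ' at most 9 digits always fits in a Long
    If re.Test(s) Then
        ParseId = CLng(s)
    Else
        ParseId = -1
    End If
End Function

Dim id, title, cmd
id = ParseId(Request.QueryString("id"))
title = Left("" & Request.Form("title"), 255)   ' match the parameter size below

If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' The ? placeholders are bound as values; a ' in title stays a plain
' character and never becomes part of the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "UPDATE netcang SET title = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, 255, title)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Execute , , adExecuteNoRecords
%>
```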

●Restricting votes by IP:
For votes that need stricter control, limiting by IP address alone is not enough. Someone motivated to get around it has these options:
1. Change the IP address (slow)
2. Submit directly after analysing the network packets (fast)

●There is a trick in VB:
Checking whether a string is empty is usually written like this (s is any string variable):
If s = "" then
end if
If you write it this way instead:
If Len(s) = 0 then
end if
efficiency improves greatly.
So what about ASP? I haven't studied it, but I will use the latter method in the future. 20:13 2006-3-29

●Conditions under which ASP's one-sentence * applies:
1. The database file has an extension that the server executes, such as asp or asa (handled the same as asp files)
2. No anti-download table has been added to the database
So the environments where * currently applies are small, newly launched sites or corporate sites (built by office workers who use DW to create ASP).

●Improving access speed
Name the fields explicitly in SQL statements wherever possible. select * from table is much slower than select id, field from table
If a field is used multiple times, first assign it to the variable, such as:
id=rs("id")
The first call shows: <%=id%><br>
The second call shows: <%=id%>
It is said that rs(0) is faster than rs("id").

●Page loading time:
<%startime=timer()
……
endtime=timer()
%>
Code execution time: <%=formatnumber((endtime-startime)*1000,3)%>ms

●File upload is always a key point for security

●Inspiration can strike while getting fresh air or exercising

●Try to use your own components when building programs; consider the vulnerability in the eWebEditor editor during a certain period. Programmers who do not pay attention to security may well not know that their programs are affected by such issues.

●Table field settings
For both tables and fields, it is best to prefix the name, for example kuhanzhu_admin. This reduces the exposure when injection protection has been missed through negligence: if an injection point exists, tools cannot guess the names, so they can only be probed manually, which undoubtedly makes injection harder.

●Forums or friends can give you a lot of help, and can even provide you with code that runs very efficiently.

●For multi-user systems such as forums, or any system that allows registration, watch out for offline submissions that let a user modify other people's information when editing. The solution is to strictly confirm that the submitted information corresponds to the data in the database (such as password confirmation, etc.)

●When cookie values are used to drive database changes, watch out for cookie injection.

●If the file is stored in UTF-8 format, submitting in A and GET mode has an odd/even character problem: submitting an even number of characters is fine, but if an odd number of characters is submitted, the last character comes out garbled.

●Format number 1: <%=FormatNumber("4102.225", 2)%> Suitable for special purposes; sometimes you cannot do without it.

●Caesar cipher:
Encryption process:
Ciphertext: C=M+K (mod 26)
Decryption process:
Plain text: M=C-K (mod 26)
For learning only, reprinting is prohibited~
●Carriage return character: chr(13)<=>%0D%0A