我有一个表单,在提交时会转到以下登录脚本。
<%
Dim myConnection As System.Data.SqlClient.SqlConnection
Dim myCommand As System.Data.SqlClient.SqlCommand
Dim requestName As String
Dim requestPass As String
requestName = Request.Form("userName")
requestPass = Request.Form("userPass")
Dim queryString As String = "SELECT COUNT(*) AS Num_Of_User FROM tblusers WHERE username='" & requestName & "' AND password='" & requestPass & "'"
myConnection = New System.Data.SqlClient.SqlConnection("Data Source=(local);InitialCatalog=dbtest;Integrated Security=True")
myCommand = New System.Data.SqlClient.SqlCommand(queryString, myConnection)
myConnection.Open()
Dim reader As System.Data.SqlClient.SqlDataReader = myCommand.ExecuteReader()
%>
现在理论上,我应该能够从SQL查询中获取Num_Of_User,如果它等于1,则登录成功。这是正确的方法吗?我怎样才能获得SQL返回的值?
答案 0 :(得分:4)
您可以使用该代码进行SQL注入。
如果您输入的用户名为' OR 2>1--
您需要更改以使用参数化查询。
Dim queryString As String = "SELECT COUNT(*) AS Num_Of_User FROM tblusers WHERE username=@username AND password=@password"
myConnection = New System.Data.SqlClient.SqlConnection("Data Source=(local);InitialCatalog=dbtest;Integrated Security=True")
myCommand = New System.Data.SqlClient.SqlCommand(queryString, myConnection)
myCommand.Parameters.AddWithValue("@username", requestName)
myCommand.Parameters.AddWithValue("@password", requestPass)
此外,您不会处理任何可能引发的异常,也不会处理您的对象。
您的代码应该更像以下内容。
Dim numUsers as Integer
Using myConnection as New System.Data.SqlClient.SqlConnection("Data Source=(local);InitialCatalog=dbtest;Integrated Security=True")
Dim queryString As String = "SELECT COUNT(*) AS Num_Of_User FROM tblusers WHERE username=@username AND password=@password"
Using myCommand as New System.Data.SqlClient.SqlCommand(queryString, myConnection)
myConnection.Open
myCommand.Parameters.AddWithValue("@username", requestName)
myCommand.Parameters.AddWithValue("@password", requestPass)
numUsers = myCommand.ExecuteScalar()
End Using
End Using
上面的代码将确保您的对象被处置,但不会处理可能抛出的任何异常。
答案 1 :(得分:1)
尝试myCommand.ExecuteScalar()
,它返回结果集第一行第一列的值 - 恰好是您在此处的值。
另外,请检查ASP.Net“内置”身份验证方法 - 这可能会为您节省一些精力。