allora ho scritto questo :
codice:<% Dim user, password, BlackList(32) BlackList(32) = Array("/*", "*/", "@@", "declare", "delete", "drop", "exec", "execute", "fetch", "insert", "kill", "open", "select", "sys", "sysobjects", "syscolumns", "table", "update", "script", "xp", "555044415445", "757064617465", "736372697074", "534352495054", "65786563", "45584543", "696E73657274", "494E53455254", "64656C657465", "44454C455445", "varchar", "'") user = Request.Form("user") password = Request.Form("password") for each x in Blacklist(32) If (InStr(user, x) <> 0 Or InStr(password, x) <> 0) Then response.redirect ("/") end if next Set RSlogin = connect.Execute("Select * From Login Where user = '"&user&"' And password = '"&password&"'") If Not RSlogin.EOF Then Session("inne") = True end if if Session("inne") = True then %>
funziona!!! ma esegue il login anche se non inserisco la password, con la user esatta.
Rispondi quotando