In the user name, enter the user's system with 'or' '=' to enter the person with 'or' '=' in the password input box. A typical error procedure is as follows: private void login_ok_Click (object sender, System.EventArgs e) {string sqlstr = "select * from company_admin where username = '" username.Text "' and password = '" password.Text "'"; // this one: typical SQL vulnerability SqlConnection myconn = new SqlConnection (ConfigurationSettings.AppSettings [ "connstr"]); SqlCommand mycomm = new SqlCommand (sqlstr, myconn); try {myconn.Open (); SqlDataReader dr; dr = mycomm .ExecuteReader (); if (DR.Read ()) {session ["username"] = username.text; session ["password"] = password.text; session ["Rights"] = DR ["Rights"]. Totring (); response.redirect ("index.aspx");} else {go_wrong.text = "Sorry, your username or password cannot be empty and need to enter accurately!";}} Catch (Exception ER) {Go_Wrong .Text = Er.TOString ();} finally {myconn.close ();}} /// string sqlstr = "SELECT * from company_admin where username = '" username.text "' and password = '" password. TEXT "'";
This sentence: Typical SQL vulnerability can be rewritten as: string sqlstr = "select * from company_admin where username = @ username and password = @ password"; or use stored procedures to submit to data when it is submitted to data ("" '","' '"Conversion can also use parameter sqlcommand cmd = new sqlcommand (" SELECT * homeTable where username = @ user and password = @ PWD ", conn); cmd.param ***. Add (" @user "," User Name "); cmd.param ***. Add (" @PWD "," password "); of course, MD5 can be encrypted
