Prevent others from appending DELETE or other statements to the QueryString to delete your database content

xiaoxiao2021-03-06  122

ZRSZ (original)

At present, some people take advantage of holes in programmers' SQL code (vulnerabilities, I suppose you would call them :P) by appending something like "; delete forum_forum; --" to the query string, so that a DELETE operation is run against your database. This is caused by careless programming. Here is a small trick; perhaps it is too naive, so please don't laugh. :)

Example: the handling code is as follows:

    action1 = Trim(Request.QueryString)              ' the raw query string
    If Left(action1, 7) <> "action=" Then            ' the QueryString must begin with action=
        error(err01)                                 ' error handling
    Else
        action = Request.QueryString("action")       ' get the QueryString value
    End If
    Select Case action                               ' handle the QueryString value
    Case "add"
        .....
    Case "delete"
        ...
    Case Else                                        ' the QueryString has no such value: error handling
        error(err02)
    End Select
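The check above covers the action value, which can be enumerated; a value that cannot be enumerated, such as a record id, has to be bound as a query parameter. An added example for classic ASP with ADO, not part of the original post; the id parameter and column, the Reject helper and the Application("ConnString") connection string are assumptions.

```vbscript
<%
Option Explicit
' Added example. Names marked "assumed" do not come from the original page.
Const adInteger = 3, adParamInput = 1            ' ADO constants
Const adCmdText = 1, adExecuteNoRecords = 128

Sub Reject(msg)                                  ' assumed error helper
    Response.Status = "400 Bad Request"
    Response.Write Server.HTMLEncode(msg)
    Response.End
End Sub

Dim action, rawId, re, conn, cmd
action = Trim(Request.QueryString("action"))

Select Case action                               ' allow-list, as on the page
Case "add"
    ' ... add handler ...
Case "delete"
    rawId = Trim(Request.QueryString("id"))      ' assumed parameter
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"                  ' digits only, always fits in a Long
    If Not re.Test(rawId) Then Reject "bad id"

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")          ' assumed connection string
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is sent to the database as data, so text such as
    ' "; delete forum_forum; --" can never become part of the statement.
    cmd.CommandText = "DELETE FROM forum_forum WHERE id = ?"   ' id column assumed
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
    cmd.Execute , , adExecuteNoRecords
    conn.Close
Case Else
    Reject "unknown action"
End Select
%>
```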

