1. 首頁
  2. 問答
  3. ASP SQL中的錯誤

ASP SQL中的錯誤

2012-07-03 36 views
0

錯誤說: BOF或EOF都爲True,或者當前記錄已被刪除。請求的操作需要當前記錄。ASP SQL中的錯誤

我有代碼從另一個站點接收一個編號的編號,並編輯與編號匹配的數據。

<body>  
<table style="width: 100%"> 
    <tr> 
    <!-- #include file="header.html"--> 
     </tr> 
</table> 
<table> 
<tr > 
<td style="width:885px" class="style2" > 
<% 
set conn=Server.CreateObject("ADODB.Connection") 
conn.Provider="Microsoft.Jet.OLEDB.4.0" 
conn.Open "C:\inetpub\wwwroot\library\database.mdb" 
cid=Request.Form("number") 
if Request.form("firstname")="" then 
set rs=Server.CreateObject("ADODB.Recordset") 

    rs.open "SELECT * FROM users WHERE no='" & cid & "'",conn 
    %> 
<form method="post" action="change.asp"> 
<table> 
    <%for each x in rs.Fields%> 
    <tr> 
    <td><% Response.Write(x.name)%></td> 
    <td><input name='<%Response.Write(x.name)%>' value='<%Response.Write(x.value)%>'></td> 
    <%next%> 
    </tr> 
    </table> 
    <br /><br /> 
    <input type="submit" value="Update record"> 
    </form> 
<% 
else 
    sql="UPDATE users SET " 
    sql=sql & "firstname='" & Request.Form("firstname") & "'," 
    sql=sql & "lastname='" & Request.Form("lastname") & "'," 
    sql=sql & "Gender='" & Request.Form("Gender") & "'" 
    sql=sql & " WHERE no='" & cid & "'" 
    on error resume next 
    conn.Execute sql 
    if err<>0 then 
    response.write("No update permissions!") 
    else 
    response.write("Record " & cid & " was updated!") 
    end if 
end if 
conn.close 
%> 


</td> 
<td><!--#include file="sideMenu.html"--> 
</td> 
</tr> 
</table> 
</body>

來源

2012-07-03 Omar Al-hamawi

+7

奧馬爾,你知道,這代碼有一個重大的安全漏洞?用戶可以輸入任何內容作爲「cid」,並將其直接傳遞到數據庫(包括刪除表,返回密碼等的命令)。當然,您已將整個數據庫置於wwwroot下,因此用戶可能只是無論如何下載它...我希望這不是真正的生產代碼。 –

回答

1 
<body>  
    <table style="width: 100%"> 
     <tr> 
     <!-- #include file="header.html"--> 
      </tr> 
    </table> 
    <table> 
    <tr > 
    <td style="width:885px" class="style2" > 
    <% 
    set conn=Server.CreateObject("ADODB.Connection") 
    conn.Provider="Microsoft.Jet.OLEDB.4.0" 
    conn.Open "C:\inetpub\wwwroot\library\database.mdb" 
    cid=Request.Form("number") 
    if Request.form("firstname")="" then 
    set rs=Server.CreateObject("ADODB.Recordset") 

    rs.open "SELECT * FROM users WHERE no=" & cid ,conn 

    If rs.EOF Then 

     Response.Write "There is no data for this user in the database" 

    Else 

    %> 
    <form method="post" action="change.asp"> 
    <table> 

    <%for each x in rs.Fields%> 
    <tr> 
     <td><%=x.name%></td> 
     <td><input name='<%=x.name%>' value='<%=x.value%>'></td> 
    </tr>   
    <%next%>   

    </table> 
     <br /><br /> 
    <input type="submit" value="Update record"> 
    </form> 
    <% 

    End If 

    rs.Close 
    Set rs = Nothing 

    else 
     sql="UPDATE users SET " 
     sql=sql & "firstname='" & Request.Form("firstname") & "'," 
     sql=sql & "lastname='" & Request.Form("lastname") & "'," 
     sql=sql & "Gender='" & Request.Form("Gender") & "'" 
    sql=sql & " WHERE no=" & cid 
    on error resume next 
    conn.Execute sql 
    if err<>0 then 
     response.write("No update permissions!") 
    else 
     response.write("Record " & cid & " was updated!") 
    end if 
    end if 
    conn.close 
    %> 


    </td> 
    <td><!--#include file="sideMenu.html"--> 
    </td> 
    </tr> 
    </table> 
    </body>

來源

2012-07-03 02:01:38

+0

仍然具有相同的錯誤 該行中的錯誤 ​​

+0

你的代碼在哪行? –

+0

line number 25 ​​

0

權限的問題?檢查II是否有權讀取數據庫表。 此外,在這條線

if Request.form("firstname")="" then

我通常使用

if Request.form("firstname") & ""="" then

來源

2012-07-07 22:14:43 Claudio

相關問題

 相關問題