<% dim hotel_id,hotel_dh_id hotel_id=charstr(request("hotel_id")) hotel_dh_id=charstr(request("hotel_dh_id")) dim rs_xl88 set rs_xl88=conn_lxs.execute("select * from hotel_tab where hotel_id="&hotel_id&"") if rs_xl88.eof and rs_xl88.bof then response.Write("<script>alert(""ID信息不合法!可能被删除了!"");location.href=""index.asp"";</script>") end if dim rs_ddh,dh_name set rs_ddh=conn_lxs.execute("select * from hotel_dh_tab where hotel_dh_id="&hotel_dh_id&"") if rs_ddh.eof and rs_ddh.bof then dh_name="没有此导航!" else dh_name=trim(rs_ddh("hotel_dh_name")) end if rs_ddh.close set rs_ddh=nothing %>
我是新手 请问这段代码,做SQL防注入 |