
Problem: I have a search. It works fine until a user runs a query that returns no results. When that happens, the dropdown (which gets its options from SQL) stops working. Instead I get this:

<option label=' <font face="Arial" size=2>
<p>ADODB.Field</font> <font face="Arial" size=2>error '80020009'</font>
<p>
<font face="Arial" size=2>Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.</font>
<p>
<font face="Arial" size=2>/junk/dbinstant.htm</font><font face="Arial" size=2>, line 0</font> 

When this happens, all the code below it seems to get cut off.

Here is the code I believe is responsible:

<%if request.querystring("abn") = "all" then 
response.write("")
else
response.write("<option label='")%><%=lcon("legal")%><%response.write("' value='")%><%=(src_abn)%><%response.write("' selected></option>")
end if %>

The whole page:

<%@ LANGUAGE="VBSCRIPT" %>
<%
pagetitle="Contractor Details"
%>
<!--#INCLUDE VIRTUAL="/_lib/include/header.htm"-->
<!--#INCLUDE VIRTUAL="/_lib/include/menu.htm"-->
<script>
$(document).ready(function() {
    $("#abn,#cat").change(function () {
    this.form.submit();
})
});
</script>
<div class="twoColumnRow">
<div class="twoColumnContent">
<p class="breadCrm"><a href="/index.htm">Home</a> <span>&gt;</span> <a href="/tools/index.htm">Tools of the Trade</a> <span>&gt;</span> <a href="/tools/finance/index.htm">Finance and Purchasing</a><span>&gt;</span> <a href="/tools/finance/procurement/index.htm">Procurement and Contracts information</a></p>
<div class="contentPad">
<!-- Start of main content -->

<p class="imageRight">&nbsp;</p>
<h1><%=pagetitle%></h1>

<%
        Dim connectString, connect, conDB, sconDB, lDB, con, scon, lcon, src_abn, src_cat
        connectString = "Driver={Microsoft Text Driver (*.txt; *.csv)}; DBQ=" & Server.MapPath("data")
              src_abn = Request.QueryString("abn")
              src_cat = Request.QueryString("cat")
        set connect = Server.CreateObject("ADODB.connection")
        connect.open connectString

        if src_abn = "all" and src_cat = "all" then
        conDB = "SELECT * FROM cont.csv"
        lDB = "SELECT * FROM cont.csv"
        elseif src_abn = "all" then
        conDB = "SELECT * FROM cont.csv WHERE " & src_cat & " = 'Yes'"  
        lDB = "SELECT * FROM cont.csv WHERE " & src_cat & " = 'Yes'"    
        elseif src_cat = "all" then
        conDB = "SELECT * FROM cont.csv WHERE ucase(abn) LIKE ucase('%"+src_abn+"%')"   
        lDB = "SELECT * FROM cont.csv WHERE ucase(abn) LIKE ucase('%"+src_abn+"%')" 
        else 
        conDB = " SELECT * FROM cont.csv WHERE " & src_cat & " = 'Yes' AND ucase(abn) LIKE ucase('%"+src_abn+"%')"
        lDB = " SELECT * FROM cont.csv WHERE " & src_cat & " = 'Yes' AND ucase(abn) LIKE ucase('%"+src_abn+"%')"
        end if

        sconDB = "SELECT * FROM cont.csv"   

        set con = connect.execute(conDB)
        set scon = connect.execute(sconDB)
        set lcon = connect.execute(lDB)
%>
<h2>Search results</h2><hr />
<% if not con.BOF then %>
<div style="margin-top:1em">

  <form action="dbinstant.htm" method="get">

      <p>Company name:1<br/>
      <select id="abn" name="abn">
        <option label="All companies" value="all" <%if request.querystring("abn") = "all" then response.write("selected") %>></option>
        <%if request.querystring("abn") = "all" then 
        response.write("<option label='All companies' value='all' selected></option>")
        else
        response.write("<option label='")%><%=lcon("legal")%><%response.write("' value='")%><%=(src_abn)%><%response.write("' selected></option>")
        end if %>
        <% while (NOT scon.EOF) %>
        <option label="<%=scon("legal")%>" value="<%=scon("abn")%>" <%if request.querystring("abn") = scon("abn") then 
        response.write("selected") 
        end if %>></option>
        <%scon.MoveNext()
                          Wend %>
      </select>
      </p>
     <p>Categories for Creative Design:<br/>
      <select id="cat" name="cat">
        <option class="group" label="All categories" value="all" <%if request.querystring("cat") = "all" then response.write("selected") %>></option>
        <option class="group" label="Strategic brand, marketing and communications advice" value="a" <%if request.querystring("cat") = "a" then response.write("selected") %>></option>
        <option class="group" label="Graphic design and layout" value="b" <%if request.querystring("cat") = "b" then response.write("selected") %>></option>
        <option class="group" label="Forms design" value="c" <%if request.querystring("cat") = "c" then response.write("selected") %>></option>
        <option class="group" label="Web design and development" value="d" <%if request.querystring("cat") = "d" then response.write("selected") %>></option>
        <option class="group" label="Authoring services" value="e" <%if request.querystring("cat") = "e" then response.write("selected") %>></option>
        <option class="group" label="Editorial services" value="f" <%if request.querystring("cat") = "f" then response.write("selected") %>></option>
        <option class="group" label="Translation services" value="g" <%if request.querystring("cat") = "g" then response.write("selected") %>></option>
        <option class="group" label="Photography and film services" value="h" <%if request.querystring("cat") = "h" then response.write("selected") %>></option>
        <option class="group" label="Scanning and digitisation services" value="i" <%if request.querystring("cat") = "i" then response.write("selected") %>></option>
        <option class="group" label="Multimedia editing services" value="j" <%if request.querystring("cat") = "j" then response.write("selected") %>></option>
      </select>
    </p>
    <input type="submit" value="Search" />
  </form>
  <br /><hr />

    <table style="font-size:.9em;" class="contentTable">
          <tr>
                <th>ABN:</th>
                <th>Company Name:</th>
          </tr>
  <% con.Movefirst() %>
  <% while (NOT con.EOF) %>
          <tr>
                <td width="120px"><%=con("abn")%></td>
                <td><a href="dbcomp.htm?abn=<%=con("abn")%>&cat=all"><%=con("legal")%></a></td>
          </tr>
  <%
    con.MoveNext()
    Wend
  %>
</table>

</div>
<% else %>
    <% scon.Movefirst() %>
  <form action="dbinstant.htm" method="get">

      <p>Company name:2<br/>
      <select id="abn" name="abn">
        <option label="All companies" value="all" <%if request.querystring("abn") = "all" then response.write("selected") %>></option>
        <%if request.querystring("abn") = "all" then 
        response.write("")
        else
        response.write("<option label='")%><%=lcon("legal")%><%response.write("' value='")%><%=(src_abn)%><%response.write("' selected></option>")
        end if %>

        <% while (NOT scon.EOF) %>
        <option label="<%=scon("legal")%>" value="<%=scon("abn")%>" <%if request.querystring("abn") = scon("abn") then 
        response.write("selected") 
        end if %>></option>
        <%scon.MoveNext()
                          Wend %>
      </select>
      </p>
     <p>Categories for Creative Design:<br/>
      <select id="cat" name="cat">
        <option class="group" label="All categories" value="all" <%if request.querystring("cat") = "all" then response.write("selected") %>></option>
        <option class="group" label="Strategic brand, marketing and communications advice" value="a" <%if request.querystring("cat") = "a" then response.write("selected") %>></option>
        <option class="group" label="Graphic design and layout" value="b" <%if request.querystring("cat") = "b" then response.write("selected") %>></option>
        <option class="group" label="Forms design" value="c" <%if request.querystring("cat") = "c" then response.write("selected") %>></option>
        <option class="group" label="Web design and development" value="d" <%if request.querystring("cat") = "d" then response.write("selected") %>></option>
        <option class="group" label="Authoring services" value="e" <%if request.querystring("cat") = "e" then response.write("selected") %>></option>
        <option class="group" label="Editorial services" value="f" <%if request.querystring("cat") = "f" then response.write("selected") %>></option>
        <option class="group" label="Translation services" value="g" <%if request.querystring("cat") = "g" then response.write("selected") %>></option>
        <option class="group" label="Photography and film services" value="h" <%if request.querystring("cat") = "h" then response.write("selected") %>></option>
        <option class="group" label="Scanning and digitisation services" value="i" <%if request.querystring("cat") = "i" then response.write("selected") %>></option>
        <option class="group" label="Multimedia editing services" value="j" <%if request.querystring("cat") = "j" then response.write("selected") %>></option>
      </select>
    </p>
    <input type="submit" value="Search" />
  </form>
  <br /><hr />
<p>No records match your query.</p>
<p><a href="dbtest.htm">Return to search page</a></p>
<%
  end if
  con.close
%>


<!-- End of main content -->
</div> <!-- end contentPad div -->
</div> <!-- end twocolumncontent div -->
<div class="twoColumnLinks">

<!--<div class="relatedLinks">
<h3>Related Links</h3>
<ul>
<li><a href="/index.htm">Related link 1</a></li>
</ul>
</div>--> <!-- end relatedlinks div -->
<!--#INCLUDE VIRTUAL="/_lib/include/quicklinks.htm"-->
<!--#INCLUDE VIRTUAL="/_lib/include/mylinks.htm"-->
</div> <!-- end twocolumnlinks div -->
</div> <!-- end twocolumnrow div -->
<!--#INCLUDE VIRTUAL="/_lib/include/footer.htm"-->

1 Answer


Try changing con.BOF to con.EOF.

Besides that, your code has serious SQL injection vulnerabilities. I hope you are aware of that :-)

For example, you would want to change something like this

conDB = "SELECT * FROM cont.csv WHERE ucase(abn) LIKE ucase('%"+src_abn+"%')"

into this

conDB = "SELECT * FROM cont.csv WHERE ucase(abn) LIKE ucase('%"+ Replace(src_abn, "'", "''") + "%')"

Start with these:

  1. Classic ASP SQL injection protection
  2. Preventing SQL injection in ASP
  3. Filtering SQL injection from Classic ASP
answered 2013-01-10T22:42:47.093
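The answer's Replace() escaping covers the quoted abn value, but the posted page also splices src_cat into the query as a column name, where quoting does not help; and the 80020009 error in the question comes from reading a field of an empty recordset. The following is an added example, not code from the question or the answer, that reworks both lookups against the page's cont.csv (columns abn, legal and a..j). It assumes connect is the page's open ADODB.Connection and that the ODBC text driver accepts "?" parameter markers through ADODB.Command, as the Jet-based Microsoft drivers do.

```vbscript
<%
' Added example (not the question's or the answer's code). Assumes "connect"
' is the page's open ADODB.Connection and that the ODBC text driver accepts
' "?" parameter markers via ADODB.Command (the Jet-based drivers do).
' "cat" is used as a COLUMN NAME in the query, so quoting or Replace() cannot
' protect it. Accept only the fixed set of category columns from the form.
Function CategoryColumn(cat)
    Select Case cat
        Case "a", "b", "c", "d", "e", "f", "g", "h", "i", "j"
            CategoryColumn = cat        ' the option values are the column names
        Case Else
            CategoryColumn = ""         ' "all" and anything unexpected add no filter
    End Select
End Function
' "abn" is a data value: bind it as a parameter instead of concatenating it.
' % and _ still act as LIKE wildcards, which is acceptable for a search box.
Function SearchContractors(connect, abn, cat)
    Dim cmd, sql, col
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = connect
    cmd.CommandType = 1                 ' adCmdText
    sql = "SELECT * FROM cont.csv WHERE 1 = 1"
    col = CategoryColumn(cat)
    If col <> "" Then sql = sql & " AND " & col & " = 'Yes'"
    If abn <> "all" Then
        sql = sql & " AND ucase(abn) LIKE ucase(?)"
        ' adVarChar = 200, adParamInput = 1; size 255 covers the pattern
        cmd.Parameters.Append cmd.CreateParameter("abn", 200, 1, 255, "%" & abn & "%")
    End If
    cmd.CommandText = sql
    Set SearchContractors = cmd.Execute
End Function
Dim rs
Set rs = SearchContractors(connect, Request.QueryString("abn"), Request.QueryString("cat"))
' An empty recordset has BOF and EOF both True; reading rs("legal") in that
' state raises the 80020009 error shown in the question, so test EOF first.
If rs.EOF Then
    Response.Write "<p>No records match your query.</p>"
Else
    Do While Not rs.EOF
        ' HTMLEncode keeps CSV contents from being interpreted as markup
        Response.Write "<option value='" & Server.HTMLEncode(rs("abn") & "") & "'>" & _
                       Server.HTMLEncode(rs("legal") & "") & "</option>"
        rs.MoveNext
    Loop
End If
rs.Close
%>
```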