Form validation with Key Press Issues

Keywords: issues, validation, form      Updated: 2023-09-26

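Last night, I got a call from my supervisor saying that when he tried to log in to our application with a dummy password, his validation succeeded.

It turns out that validating the password with a mouse click works fine, since users with an invalid password are denied access.

However, typing the password and pressing the ENTER key on the keyboard lets the user into the system.

Does anyone know why this happens and how to prevent it from continuing to happen?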

    Protected Sub btn_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btn.Click
        Dim StrPass As String
        Dim BValid As Boolean
        Dim rs As SqlDataReader
        Dim StrSQL As String
        'Protect against SQL Injection
        StrPass = Replace(txtPass.Text, "'", "''", 1, -1, 1)
        ' This is our boolean variable for validation purposes set to true if valid user
        BValid = False

        StrSQL = "select * from users u " & _
            " Where u.pass =@pass"
        ' Initialize Database Connection
        Dim connStr As String = ConfigurationManager.ConnectionStrings("dbconn").ConnectionString
        Dim conn As New SqlConnection(connStr)
        Dim cmd As New SqlCommand(StrSQL, conn)
        'We use a parameterized query to prevent SQL injection attacks
        Dim p1 As New SqlParameter("@pass", StrPass)
        cmd.Parameters.Add(p1)
        'Now open connection to the db
        conn.Open()
        'open recordset to receive db values
        rs = cmd.ExecuteReader()
        While rs.Read()
            If rs("pass") <> "" Then
                Session("pass") = txtPass.Text
                BValid = True
            Else
            End If
        End While
        ' No leaking allowed
        conn.Close()
        ' This handles all response per validation
        If BValid = True Then
            dbto.Hide()
        Else
            'If all else fails, then reject their authentication attempt and let them hear it.
            lblWrong.Text = "Incorrect pass entered."
        End If
    End Sub

The markup:

    <tr>
        <td>
            <asp:Label runat="server" ID="lblPass" Text="Please enter Password: " Font-Size="14pt"/>
            <asp:TextBox runat="server" ID="txtPass" TextMode="Password" />
        </td>
    </tr>
    <tr>
        <td>
            <asp:Button ID="btn" runat="server" Text="Submit" />
        </td>
    </tr>
    <tr>
        <td>
            <asp:Label ID="lblWrong" runat="server" ForeColor="Red" Font-Names="Tahoma" />
        </td>
    </tr>

Put your content in a Panel and assign the default button.
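
The answer's suggestion as an added example (not code from the original post or its answer): the login controls sit in a Panel whose DefaultButton is btn, so ENTER in the textbox raises the same btn_Click as a mouse click, and the protected content stays hidden unless validation has succeeded. The panel IDs pnlLogin and pnlProtected, the Session("authenticated") flag and the helpers ShowFor and PasswordExists are assumptions; the controls, the users query and the dbconn connection string are taken from the question.

```aspx-vb
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server">
    ' Runs on every request, before any click handler: deny unless the session says otherwise.
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
        ShowFor(Object.Equals(Session("authenticated"), True))
    End Sub

    ' Raised by a mouse click and by ENTER (pnlLogin names btn as its DefaultButton).
    Protected Sub btn_Click(ByVal sender As Object, ByVal e As EventArgs)
        Dim valid As Boolean = PasswordExists(txtPass.Text)
        Session("authenticated") = valid
        ShowFor(valid)
        If Not valid Then lblWrong.Text = "Incorrect pass entered."
    End Sub

    ' Hypothetical helper: exactly one of the two panels is rendered.
    Private Sub ShowFor(ByVal authenticated As Boolean)
        pnlProtected.Visible = authenticated
        pnlLogin.Visible = Not authenticated
    End Sub

    ' Hypothetical helper: same parameterized lookup as the question, empty input rejected.
    Private Function PasswordExists(ByVal pass As String) As Boolean
        If String.IsNullOrEmpty(pass) Then Return False
        Dim connStr As String = ConfigurationManager.ConnectionStrings("dbconn").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand("select count(*) from users u where u.pass = @pass", conn)
                cmd.Parameters.AddWithValue("@pass", pass)
                conn.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function
</script>
<html><body>
<form runat="server">
    <asp:Panel runat="server" ID="pnlLogin" DefaultButton="btn">
        <asp:Label runat="server" ID="lblPass" Text="Please enter Password: " />
        <asp:TextBox runat="server" ID="txtPass" TextMode="Password" />
        <asp:Button runat="server" ID="btn" Text="Submit" OnClick="btn_Click" />
        <asp:Label runat="server" ID="lblWrong" ForeColor="Red" />
    </asp:Panel>
    <asp:Panel runat="server" ID="pnlProtected" Visible="false">
        Protected content goes here.
    </asp:Panel>
</form>
</body></html>
```

A postback that arrives without a Click event leaves pnlProtected hidden, because Page_Load decides visibility from the session flag alone.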