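' Admin login handler: checks the verification code, screens the submitted
' name/password for a few rejected characters, looks the pair up in the admin
' table and, on a match, records the login in the session and redirects to
' admin.asp. `conn` is an already-open ADO connection created outside this
' listing.
Dim rawUser, rawPassword, cmd, userLen, passLen, loginOk

s=Trim(Request.Form("s"))
s2=Request.Form("s2")
' NOTE(review): the listing showed "If s2s Then"; the comparison operator looks
' lost in extraction (an undeclared s2s is Empty, so the check could never
' fire). Restored as s2<>s -- confirm against the original file.
' NOTE(review): both s and s2 arrive in the submitted form, so the client
' controls both sides of this comparison. The expected code should be held
' server-side (for example in the session) instead of in a form field.
If s2<>s Then
    ' NOTE(review): the alert/history.back text is written without a <script>
    ' wrapper in this listing; it was probably stripped in extraction.
    Response.Write("alert('请输入正确的认证码!');history.back()")
    Response.End
End If

rawUser=Trim(Request.Form("user"))
rawPassword=Trim(Request.Form("password"))
' The quote-doubled copies are kept only because the original stored the
' doubled form in Session("admin"); other pages may rely on that value.
' They are no longer used to build SQL.
user=Replace(rawUser,"'","''")
password=Replace(rawPassword,"'","''")

' Reject names containing % # ? |
If InStr(rawUser,"%")>0 Or InStr(rawUser,"#")>0 Or InStr(rawUser,"?")>0 Or InStr(rawUser,"|")>0 Then
    Response.Write "alert('您的姓名含有非法字符!');history.back()"
    Response.End
End If

' Reject passwords containing % # ? |
If InStr(rawPassword,"%")>0 Or InStr(rawPassword,"#")>0 Or InStr(rawPassword,"?")>0 Or InStr(rawPassword,"|")>0 Then
    Response.Write "alert('您的密码含有非法字符!');history.back()"
    Response.End
End If

' The original concatenated the form values into the SQL text and relied on
' quote doubling plus the character blacklist above as the only barrier against
' SQL injection; whether that holds depends on the backend's escaping rules.
' Bound parameters keep the values out of the statement text entirely.
' NOTE(review): the submitted password is compared directly with the password
' column, so passwords appear to be stored unhashed; moving to a salted
' password hash needs a schema/data change outside this listing.
Set cmd=Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection=conn
cmd.CommandType=1 ' adCmdText
cmd.CommandText="select * from admin where admin=? and password=?"

' ADO rejects a zero-length variable-size parameter, so use at least 1.
userLen=Len(rawUser)
If userLen=0 Then userLen=1
passLen=Len(rawPassword)
If passLen=0 Then passLen=1

' 202 = adVarWChar, 1 = adParamInput. NOTE(review): match the parameter type
' to the real column types of the admin table.
cmd.Parameters.Append cmd.CreateParameter("user",202,1,userLen,rawUser)
cmd.Parameters.Append cmd.CreateParameter("password",202,1,passLen,rawPassword)
Set rs=cmd.Execute

loginOk=Not rs.EOF
If loginOk Then
    Session("admin")=user
    Session("flag")=rs("flag")
End If

' Response.End and Response.Redirect both stop the script, so the original
' conn.close / set conn=nothing after the If block were never reached.
' Release the ADO objects before the response is terminated.
rs.Close
Set rs=Nothing
Set cmd=Nothing
conn.Close
Set conn=Nothing

If loginOk Then
    ' Credentials matched: send the user to the admin page.
    Response.Redirect("admin.asp")
Else
    Response.Write("alert('管理员姓名和密码错误!');history.back()")
    Response.End
End If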
%>
无标题文档