设置我的var:
Foo = request("Bar")
构建SQL查询:
John.Source = "SELECT ID, Name FROM dbo.USER where Name = '"&Foo&"' and ID = '1'"
我在某个项目中找到了这个,这是否为SQLi打开了大门?
sql-injection asp-classic
asp-classic ×1
sql-injection ×1