http://localhost:800/design.asp?p_cata=25 works normally. When the address bar contains http://localhost:800/design.asp, or http://localhost:800/design.asp?p_cata=, or http://localhost:800/design.asp?p_cata=dfsd (not a number, or garbage), the ASP page should make a check and produce different output in each case. Below is the check I wrote. It is not complete yet.

if not isnumeric(request.querystring("p_cata")) and request.querystring("p_cata")="" and request.querystring("p_cata")<>"" then
    set rs=server.CreateObject("adodb.recordset")
    Ssql="select * from product where py_id=0" ' py_id 0 is fixed in the database
    rs.open Ssql,conn,1,1
    temp=1
else
    set rs=server.CreateObject("adodb.recordset")
    Ssql="select * from product where p_cate="&Trim(Request.QueryString("p_cata"))
    rs.open Ssql,conn,1,1
    temp=1
end if

1 answer
ITMISS
Contributed 1871 experience points, received over 8 likes
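' Reject a missing, empty or non-numeric p_cata (IsNumeric("") is already False)
if not isnumeric(request.querystring("p_cata")) or request.querystring("p_cata")="" then
    ' The alert text means "invalid parameter"; the browser is sent back one page
    response.write "<script language='javascript'>alert('参数错误');history.go(-1);</script>"
else
    ' Only reached when p_cata passed the numeric check
    set rs=server.CreateObject("adodb.recordset")
    Ssql="select * from product where p_cate="&Trim(Request.QueryString("p_cata"))
    rs.open Ssql,conn,1,1
    temp=1
end if
Think the above over carefully.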
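The three URL cases from the question, handled with a strict digit check and a bound parameter instead of string concatenation. This is an added example, not code from the asker or the answerer. It assumes `conn` is an open ADODB.Connection as in the snippets above, reuses the table and column names from the question, takes the `py_id=0` fallback for an empty value from the asker's snippet, and `IsPlainId` is a hypothetical helper name.

```vbscript
' Added example. ADO constants are declared here so adovbs.inc is not needed.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' True only for 1 to 9 plain ASCII digits. IsNumeric alone also accepts
' values such as "1e5", "&H1F" or "1,000", which are not clean integer ids.
Function IsPlainId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPlainId = re.Test(s)
End Function

Dim raw, cmd, rs, temp
raw = Trim(Request.QueryString("p_cata"))

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

If raw = "" Then
    ' design.asp and design.asp?p_cata= : fall back to the fixed default rows
    cmd.CommandText = "select * from product where py_id = 0"
ElseIf Not IsPlainId(raw) Then
    ' design.asp?p_cata=dfsd : reject before any query is built
    Response.Write "<script language='javascript'>alert('参数错误');history.go(-1);</script>"
    Response.End
Else
    ' design.asp?p_cata=25 : the value is bound as an integer parameter
    ' and never becomes part of the SQL text
    cmd.CommandText = "select * from product where p_cate = ?"
    cmd.Parameters.Append cmd.CreateParameter("p_cate", adInteger, adParamInput, , CLng(raw))
End If

' Same cursor and lock types (1, 1) as the original rs.open call
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open cmd, , 1, 1
temp = 1
```

A repeated parameter such as `?p_cata=1&p_cata=2` reaches the script as `1, 2` and fails the digit check, so it is rejected along with other non-numeric input.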