Two days ago, I was working on an in-site version of the enterprise search engine and found that some sites can link to site content. .
I looked at it strangely and it turned out that it was linked according to the automatic numbering rules of the database ID~~
I have done the following in my spare time, hoping it will be helpful to everyone in the future writing ASP programs!
<%
''// Generate random number of specified digits
''//You can also use the iXuEr_Rnd_Str function written in Guidy, which comes with 15 styles, and you can pseudo MD5!!
FunctionrndStr(strLong)
DimtempStr
Randomize
DoWhileLen(rndStr)<strLong
tempStr=CStr(Chr((57-48)*rnd+48))
rndStr=rndStr&tempStr
Loop
rndStr=rndStr
EndFunction
%>
The following is a parameter submitted in the Form form as an example for Request.Form. The original value of the parameter doAction that needs to be passed is the ID read from the database.
<formname=iformaction="ABC.asp"method="post">
<inputname=doActiontype="hidden"value="<%=rndStr(10)%><%=Rs("ID")%><%=rndStr(10)%>">
</form>
Notice:
The value of the doAction above has changed, and the value obtained every time the page is refreshed is different~~
Below is the ABC.asp page
First get the value of doAction
doAction=Trim(Request.Form("doAction"))
Below you can add some verifications yourself, such as IsNumeric, etc.
Then let's break down the value of doAction
DimLastID
doAction=Mid(doAction,11)
LastID=Mid(doAction,1,Len(doAction)-10)
If you are familiar with Mid functions, the above content is easy to guess, isn't it simple?
Here are the actual examples:
The value of the ID to be passed by the original doAction in the database (field type is automatically numbered) is: 34
illustrate:
11 in Mid(doAction,11) generates a number of random characters + 1
10 in LastID=Mid(doAction,1,Len(doAction)-10) is the number of random character digits generated by the specified number!
DimLastID
doAction=3614354944348151287527—The ID value after disguised (can be verified as a number)
doAction=Mid(doAction,11)
LastID=Mid(doAction,1,Len(doAction)-10)
LastID=34
I experimented and if used with randomly generated letters and numbers, it can be completely faked as a value similar to MD5!
There is only one condition, and you must specify the number of bits of random characters!
Haha, now everyone can output the LastID value of Response.Write to see if it is the ID in the database again?