ASP error: parentheses cannot be used to call subprograms.

Today, we are dealing with the security issues of the electronic appliance trading network (www.hifi168.net. The file upload vulnerability is a pain point for ASP websites. When dealing with this problem, a dual-layer mechanism is used:

1. check user permissions. The background permission is controlled by session, which is easy to implement.

2. Source Page detection. Where did the file come from? Can I create a local site and post the page to a remote site? I am not dedicated to Trojan Horse mounting and have never been tested. However, to prevent this situation, you must check the source page for receiving the uploaded file. The request. servervariables ("http_referer") parameter is used. This parameter can obtain the Source Page address of the incoming data. Make a judgment on it. If it is submitted within the site, it will be accepted. If it is submitted outside the site, it will be rejected (I want to turn to some websites that contain viruses, but I don't have a proper website on hand, I will forget it ).

As for the above error:

Microsoft VBScript compiler error (0x800a0414)
Call subaccountProgramBrackets are not allowed.

It is encountered when calling a function. If a function contains more than two parameters, the calling method is annoying. The principle is: parentheses are added when there is a call, and no parentheses are used when there is no call. But there are also exceptions, that is, calling a function in a method can be left with no call and parentheses, for example:

Response. Write (myfunction (parameter1, parameter2 ))

As for how to add spaces between parameters or whether the return value affects the function calling method, refer to the following materials, but I do not think it is correct!

The following network references are only for reference, which is not guaranteed to be correct!

Generally, this error occurs when no return value is returned during the call process. It should be said that the call parameter value assignment is incorrect. This error can be solved by calling.
A process call that does not return a value cannot be enclosed in parentheses. It should be written in this way.
Treesort cat_id, childcount

If you are not used to it, you can add a call before it.
Call treesort (cat_id, childcount)

That is to say, parentheses are added when there is a call, and no parentheses are used when there is no call. In addition, a space must be added between the function name and parameter.

 

 

In addition, the caller displaysWhen calling a subroutine, parentheses such as set ("AB", 90) cannot be used.