<%@ Page Language="C#" AutoEventWireup="true" CodeFile="TestSQLInjection.aspx.cs" Inherits="SQLInjection_TestSQLInjection" %>
<%--
  Markup for the SQLInjection_TestSQLInjection page; its event handlers are in the
  code-behind file named by the CodeFile attribute above.
  The form holds three free-text inputs and two buttons. No validator controls or
  length limits are declared in this markup, so every check on the submitted values
  has to be done on the server.
  NOTE(review): judging by the page name, this looks like a harness for exercising
  SQL-injection input checks; the checks themselves are not visible here. Confirm
  where they are applied.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<%-- The title text is the designer default and means "Untitled page". --%>
<title>无标题页</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<%-- Three unconstrained text boxes; whatever is typed here is sent with the postback. --%>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
<br />
<asp:TextBox ID="TextBox3" runat="server"></asp:TextBox>
</div>
<%-- btnPost: the caption means "Get POST data"; its Click event is wired to btnPost_Click. --%>
<asp:Button ID="btnPost" runat="server" onclick="btnPost_Click"
Text="获取Post数据" />
<%-- btnGet: the caption means "Get GET data"; its Click event is wired to Button2_Click,
     a handler name that does not follow the control ID. --%>
<asp:Button ID="btnGet" runat="server" onclick="Button2_Click" Text="获取Get数据" />
</form>
</body>
</html>
TestSQLInjection.aspx.cs 文件（上面页面的代码隐藏文件）：
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
/// <summary>
/// Code-behind for TestSQLInjection.aspx. It supplies the page-load hook and the
/// click handlers for the page's two buttons.
/// </summary>
/// <remarks>
/// None of the handlers in this class reads request data or runs a query.
/// NOTE(review): judging by the class name, the page appears to exist only to send
/// POST and GET parameters through input checks applied elsewhere (not visible in
/// this file). If that check is a request-level keyword filter, treat it as defence
/// in depth; parameterised queries in the data-access layer remain the primary
/// control against SQL injection.
/// </remarks>
public partial class SQLInjection_TestSQLInjection : System.Web.UI.Page
{
    /// <summary>
    /// Page load hook. Intentionally empty: the page needs no setup.
    /// </summary>
    /// <param name="sender">Object that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Click handler that re-requests this page as a GET with three fixed
    /// query-string parameters (Id, cc and dd).
    /// </summary>
    /// <param name="sender">Object that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button2_Click(object sender, EventArgs e)
    {
        // The target is a compile-time constant, so no user-supplied value can
        // influence where the browser is redirected.
        const string targetUrl = "TestSQLInjection.aspx?Id=100&cc=200&dd=300";
        this.Response.Redirect(targetUrl);
    }

    /// <summary>
    /// Click handler for the POST button. The body is empty: the postback that
    /// the click causes is the only effect.
    /// </summary>
    /// <param name="sender">Object that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnPost_Click(object sender, EventArgs e)
    {
    }
}