如过直接以
http://xxxx.xxxx.net/ShowForum.aspx?id=2&rootID=0&userName=myUserName
就会发现,直接把参数信息显示在Client端了.别有用心的人,可能会对你的服务器进行攻击
(本文来源于图老师网站,更多请访问https://m.tulaoshi.com) 如果在Client这样显示.
http://xxxx.xxxx.net/ShowForum.aspx?bdefEdGa=DEdscFDW&aHJdIDesk=esOddEsA&dsERsdwS=SdEEsaDY
下面我把这样实现的C#.net代码贴出,如大家要转载,请保留本人的版权。
/*
*Description:加密路径信息后,输出到Client端
*Auther:天很蓝_崇崇
*Email:yc_chongchong@tom.com
*Dates:2005-01-18
*Copyright:ChongChong2008 YiChang HuBei China
*/
using System;
using System.Collections;
using System.ComponentModel;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using System.Data.SqlClient;
using System.Configuration;
//导入自定义的类库
using _3Layer.DataLayer.DataCommon;
using _3Layer.DataLayer.DataCommon.DataAccess;
using Library.ClassLibrary.Crypt.DES;
namespace CHONGCHONG.XML
public class RenderingXML : System.Web.UI.Page
{
/// <summary
/// 从数据库预生成XML数据源
/// </summary
private void PreRenderXML()
{
string strSQL = "select语句略去........................;
myDataLayer.Open();
RenderingXml="<?xml version='1.0' encoding='gb2312'?rn";
RenderingXml+="<xmlrn";
try
{
System.Data.SqlClient.SqlDataReader myDR = (SqlDataReader)myDataLayer.ExecuteReader( strSQL );
while(myDR.Read())
{
RenderingXml+="<TreeNode id='"+myDR["BoardID"]+"'rn";
RenderingXml+="<NodeText"+myDR["BoardName"]+"</NodeTextrn";
RenderingXml+="<title"+myDR["Title"]+"</titlern";
RenderingXml+="<NodeUrl"+EncodeHTML( EncodeParameter( myDR["Link"].ToString() ) )+"</NodeUrlrn";
RenderingXml+="<child"+myDR["children"]+"</childrn";
RenderingXml+="<target"+myDR["Target"]+"</targetrn";
RenderingXml+="</TreeNodern";
}
}
catch(System.Data.SqlClient.SqlException ee)
{
return ;
}
finally
{
myDataLayer.Close() ;
}
RenderingXml+="</xml";
byte[] bytResult = Encoding.Default.GetBytes( RenderingXml ) ;
Response.ContentType = "text/xml" ;
Response.BinaryWrite( bytResult ) ;
}
/// <summary
/// Description:加密路径参数
/// </summary
/// <param name="sourParameter"</param
/// <returns</returns
private string EncodeParameter( string sourParameter )
{
string startString = String.Empty ;
string endString = String.Empty ;
StringBuilder destParameter = new StringBuilder() ;
if( sourParameter == null || sourParameter.Equals("") )
{
destParameter.Append( String.Empty ).ToString() ;
