是什么?
---------------------------------------------------------------
你是说登录时用户名和密码都写 '' or ''
---------------------------------------------------------------
admin'or'1'='1
---------------------------------------------------------------
where 字段'or'1'='1
---------------------------------------------------------------
这个主要是由于sql查询语句造成的:
select * from admin where username='"&username&"' and password='"&password&"'"
输入了
admin'or'1'='1
就变成了:
select * from admin where username='"&admin'or'1'=1&" and password='"&password&"'"
就获得了权限,呵呵!
---------------------------------------------------------------
把"'"替换成2个"'",即"''"