ASP is just a technology and a runtime environment. Not all back-end management systems are ASP; they can also be PHP, JSP, CGI, ASPX or other technologies. It's just that ASP is a more popular technology at present.
The 'or'='or' loophole you mentioned is just a logical loophole in how the program was written, not a loophole in ASP itself. This loophole is called an injection loophole. Its principle is as follows: when asked for the user name and password, the user submits a carefully constructed user name: a or username<>'a, and the password: a or pwd<>'a. The program's judgment statement is: select * from user_table where username=username and pwd=password. However, after the user name and password above are substituted in, it becomes: select * from user_table where username=a or username<>a and pwd=a or pwd<>a.

In this case, a logical loophole occurs. The program will think that the user name and password are correct and will assign the user name to a valid session, thus letting the user into the back end. The solution is to use the replace() function to filter out ', and also to limit the number of characters that can be entered in the user name and password input boxes. In fact, if the other party does not know the user name and password field names in the database, it cannot be cracked successfully.
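
The login check described above, shown next to a parameterized version of the same query. This is an added example, not part of the original answer; it uses Python with an in-memory SQLite database instead of ASP, and the table contents, function names and crafted input strings are constructed for illustration.

```python
import sqlite3

# Constructed input in the form the answer describes.
CRAFTED_USER = "a' or username<>'a"
CRAFTED_PWD = "a' or pwd<>'a"

def make_db():
    """Constructed sample data in the answer's user_table layout."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_table (username TEXT, pwd TEXT)")
    db.executemany("INSERT INTO user_table VALUES (?, ?)",
                   [("admin", "correct-horse"), ("o'brien", "pw-2")])
    return db

def login_concatenated(db, username, password):
    """Flawed pattern: user input is pasted into the SQL text itself."""
    sql = ("SELECT username FROM user_table WHERE username='" + username +
           "' AND pwd='" + password + "'")
    return db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    """Input is bound as data, so a quote in it never becomes SQL syntax."""
    sql = "SELECT username FROM user_table WHERE username=? AND pwd=?"
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause is rewritten by the input, so a row comes back
    # without a valid password.
    print("concatenated, crafted:", login_concatenated(db, CRAFTED_USER, CRAFTED_PWD))
    # The same input is compared as a literal string and matches nothing.
    print("parameterized, crafted:", login_parameterized(db, CRAFTED_USER, CRAFTED_PWD))
    # A legitimate name containing a quote still works with bound parameters.
    print("parameterized, o'brien:", login_parameterized(db, "o'brien", "pw-2"))
    # The concatenated query cannot even parse that legitimate name.
    try:
        login_concatenated(db, "o'brien", "pw-2")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'brien: SQL error:", exc)
```

Bound parameters do not depend on stripping characters or on the field names staying secret, and they keep names that legitimately contain a quote usable.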