Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 2010-1-31 12:57:42
Event time (UTC): 2010-1-31 4:57:42
Event ID: a7b5573c49d9423f9cc8c08ca293aa71
Event sequence: 10963
Event occurrence: 16
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1849279060/Root-2-129093771234687500
Trust level: Full
Application Virtual Path: /
Application Path: E:\homepage\xiangdang\
Machine name: HELLOWORLD
Process information:
Process ID: 3452
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: FormatException
Exception message: Input string was not in a correct format.
Request information:
Request URL: http://www.xiangdang.net/fanwen.aspx?id=18911' and char(124)+user+char(124)=0 and ''='
Request path: /fanwen.aspx
User host address: 60.181.156.60
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
Thread ID: 10
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at System.Int32.Parse(String s)
at ArticalDetial.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:
有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。
------解决方案--------------------------------------------------------
你的查询参数是怎么写呢?
URL中的查询参数连接是用&符号:
如:
http://www.xiangdang.net/fanwen.aspx?id=9063&参数1=参数1值&参数2=参数2值
http://www.xiangdang.net/worddoc.aspx?id=9'
很明显,查询参数多了单引号,导致你拼接的SQL语句出错。这样你的这个URL是存在SQL注入危险的。
建议你先判断或转换,再处理。不要使用你拼接的SQL语句,可用参数化你的SQL语句。