机房收费系统之结账BUG
声明:以下内容只对将卡表和退卡表放在同一张表的同学适用! 最近大家都已经开始做VB.NET机房收费系统重构版,在这里跟大家聊聊我在机房收费系统中发现的漏洞。 在机房收费系统中有这样一个窗体--结账。个人认为结账的功能是:领导对操作员注册退卡进行结账
声明:以下内容只对将卡表和退卡表放在同一张表的同学适用!最近大家都已经开始做VB.NET机房收费系统重构版,在这里跟大家聊聊我在机房收费系统中发现的漏洞。
在机房收费系统中有这样一个窗体--结账。个人认为结账的功能是:领导对操作员注册退卡进行结账,简单的说就是领导来收钱,如果你是一个操作员,每天充值退卡,你要知道你这段时间都赚了多少钱。
今天要说的重点就是卡表的结账!在结账中,有一个购卡,有一个退卡。也就是说,对于同一张卡,它注册后需要结账一次,退卡后也需要结账一次。
让我们来看看我数据库的卡表设计:
这里我们先不要纠结卡号是否为主键,每个字段的数据类型对不对。今天主要讲的是图中红色框框中的东西!如果你的注册和退卡在一张表中,如果你的卡表设计没有这四个字段,那么我可以很肯定的告诉你,你的结账有漏洞。
下面我们就来具体的说明为什么没有这四个字段就会有漏洞:
如图,一般大家的卡表设计都是这样,只有一个IsCheck字段和一个Handler字段。这样我们在结账的时候,如果有一张卡正在使用、未结账,然后我们就能在结账-购卡中把它查询出来。然后我们现在把它结账,这条记录的IsCheck字段就变成“已结账”,然后我们再对这张卡进行退卡操作!这时的退卡就没有结账,可是我们在结账-退卡中却查询不出来!这时为什么呢?现在我们来对比一下我们查询时使用的SQL语句:
结账-购卡:
select * from T_Card where IsCheck='未结账' and handler=@handler
select * from T_Card where regitsterIsCheck='未结账' and registerHandler=@handler
select * from T_Card where status='不使用' and IsCheck='未结账' and handler=@handler
select * from T_Card where status='不使用' and logoutIsCheck='未结账' and logoutHandler=@handler
说完了registerIsCheck和logoutIsCheck字段的由来,下面再说说registerHandler和logoutHandler的由来:
如果我们的卡表里面只有一个Handler字段,那么如果我们在操作员1处购卡,在操作员2处退卡,那么该记录的Handler最后应该是谁呢?通过以上的论述,相信大家对红色框中的四个字段的由来很信服了,如果大家还有什么不懂地方,可以找我私下讨论。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to enable Sensitive Content Warning on iPhone and learn about its features
Sep 22, 2023 pm 12:41 PM
Especially over the past decade, mobile devices have become the primary way to share content with friends and family. The easy-to-access, easy-to-use interface and ability to capture images and videos in real time make it a great choice for creating and sharing content. However, it's easy for malicious users to abuse these tools to forward unwanted, sensitive content that may not be suitable for viewing and does not require your consent. To prevent this from happening, a new feature with "Sensitive Content Warning" was introduced in iOS17. Let's take a look at it and how to use it on your iPhone. What is the new Sensitive Content Warning and how does it work? As mentioned above, Sensitive Content Warning is a new privacy and security feature designed to help prevent users from viewing sensitive content, including iPhone
How to change the Microsoft Edge browser to open with 360 navigation - How to change the opening with 360 navigation
Mar 04, 2024 pm 01:50 PM
How to change the page that opens the Microsoft Edge browser to 360 navigation? It is actually very simple, so now I will share with you the method of changing the page that opens the Microsoft Edge browser to 360 navigation. Friends in need can take a look. I hope Can help everyone. Open the Microsoft Edge browser. We see a page like the one below. Click the three-dot icon in the upper right corner. Click "Settings." Click "On startup" in the left column of the settings page. Click on the three points shown in the picture in the right column (do not click "Open New Tab"), then click Edit and change the URL to "0" (or other meaningless numbers). Then click "Save". Next, select "
What does game bug mean?
Feb 18, 2024 am 11:30 AM
What do game bugs mean? During the process of playing games, we often encounter some unexpected errors or problems, such as characters getting stuck, tasks being unable to continue, screen flickering, etc. These abnormal phenomena are called game bugs, that is, faults or errors in the game. In this article, we'll explore what game bugs mean and the impact they have on players and developers. Game bugs refer to errors that occur during the development or operation of the game, causing the game to fail to run normally or to behave unexpectedly. These errors may be due to
Apple iOS18 bug summary
Jun 14, 2024 pm 01:48 PM
As Apple's WWDC conference 2024 came to a successful conclusion, not only macos15 was announced, but the update of Apple's new iOS18 system attracted the most attention. Although there are many new features, as the first version of Apple's iOS18, people inevitably wonder whether it is necessary to upgrade Apple. iOS18, what kind of bugs are there in the latest release of Apple iOS18? After real use evaluation, the following is a summary of Apple iOS18 bugs, let’s take a look. Currently, many iPhone users are rushing to upgrade to iOS18. However, various system bugs are making people uncomfortable. Some bloggers said that you should be cautious when upgrading to iOS18 because "there are so many bugs." The blogger said that if your iPhone is
How to set up Cheat Engine in Chinese? Cheat Engine setting Chinese method
Mar 13, 2024 pm 04:49 PM
CheatEngine is a game editor that can edit and modify the game's memory. However, its default language is non-Chinese, which is inconvenient for many friends. So how to set Chinese in CheatEngine? Today, the editor will give you a detailed introduction to how to set up Chinese in CheatEngine. I hope it can help you. Setting method one: 1. Double-click to open the software and click "edit" in the upper left corner. 2. Then click “settings” in the option list below. 3. In the opened window interface, click "languages" in the left column
Where to set the download button in Microsoft Edge - How to set the download button in Microsoft Edge
Mar 06, 2024 am 11:49 AM
Do you know where to set the download button to display in Microsoft Edge? Below, the editor will bring you the method to set the download button to display in Microsoft Edge. I hope it will be helpful to you. Let’s follow the editor to learn it! Step 1: First open Microsoft Edge Browser, click the [...] logo in the upper right corner, as shown in the figure below. Step 2: Then click [Settings] in the pop-up menu, as shown in the figure below. Step 3: Then click [Appearance] on the left side of the interface, as shown in the figure below. Step 4: Finally, click the button on the right side of [Show Download Button] and it will change from gray to blue, as shown in the figure below. The above is where the editor brings you how to set up the download button in Microsoft Edge.
What does system bagage mean?
Nov 09, 2022 pm 02:40 PM
System bagage refers to system bug; the original meaning of bug is "bug", and now it can be used to refer to vulnerabilities that exist on the computer. The reason is that there are flaws in the system security policy, and there is a danger that attackers can access without authorization; in a broad sense On the topic, bug can be used to describe loopholes or defects that appear in various fields.
Sorting out Win11 errors and issues
Jan 13, 2024 pm 08:21 PM
Some people want to update win11, but they don’t know if there are many bugs in win11 and whether the update will cause problems. In fact, there are bugs in win11 now, but they have little impact on use. Are there many bugs in win11? Answer: There are still many bugs in win11. However, these bugs have little impact on daily use. If the user has high requirements for daily use, it is recommended to use it later. Summary of win11 bugs 1. Resource Manager 1. Sometimes memory overflow occurs, resulting in high memory usage of the Resource Manager. 2. This situation will cause the memory to occupy more than 70%, causing the computer to freeze or even crash. 2. Conflict and crash 1. Some applications are not compatible enough, causing conflicts with each other. 2. Although there are relatively few conflict procedures,
