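// Author's note (translated from the page): this voting system looks rigorous, but only after
// putting it into real use did I learn that it collapses at the first blow. A CAPTCHA was
// added to voting as well, and it still failed badly.

/// <summary>
/// Records one vote for the candidate named by the query-string value "id", subject to a
/// per-address counter kept in the per_ip_temp table and a counter kept in the "user" cookie.
/// </summary>
/// <param name="id">
/// Not read by this method: the target is taken from the request's query string. The parameter
/// is kept so existing callers continue to compile.
/// </param>
/// <returns>A status message for display to the voter.</returns>
public string toupiao(int id)
{
    // Daily rotation: once the newest row is from an earlier calendar day, archive the table
    // to XML and empty it. max() over an empty table yields no DateTime (which is the state
    // right after a rotation), so the value is type-checked instead of cast blindly; the old
    // unconditional cast threw outside the try block. Comparing whole dates rather than
    // day-of-month numbers also lets the reset fire after a gap of more than one day.
    object newest = LiTianPing.DBUtility.DbHelperSQL.GetSingle("select max(datatime) from per_ip_temp");
    if (newest is DateTime && ((DateTime)newest).Date < DateTime.Now.Date)
    {
        DataSet archive = LiTianPing.DBUtility.DbHelperSQL.Query("select * from per_ip_temp");
        // NOTE(review): the archive holds voter addresses and lands under the site's "ip/"
        // folder with a timestamp name. Confirm that folder is not served to clients, or
        // move the archive outside the web root.
        string path = System.Web.HttpContext.Current.Server.MapPath("ip/")
            + System.DateTime.Now.ToString("yyyyMMddHHmmss") + ".xml";
        archive.WriteXml(path);
        LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("delete from per_ip_temp");
    }

    int count = 1;
    try
    {
        // Both values below end up inside SQL text, so each is validated first and only the
        // framework-formatted form is concatenated. The query-string "id" is fully
        // client-controlled and used to be pasted into the statements verbatim.
        int perId;
        if (!try_get_query_id(out perId))
        {
            return "你没有请选择";
        }

        string ip;
        if (!try_normalize_ip(System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"], out ip))
        {
            return "你没有请选择";
        }

        // NOTE(review): if the data helper offers parameterized overloads, prefer them over
        // building the statements by concatenation.
        // NOTE(review): the count is read here and incremented later in a separate statement,
        // so concurrent requests from one address can pass the same check. A single
        // conditional UPDATE would close that window.
        if (LiTianPing.DBUtility.DbHelperSQL.Exists("select count(*) from per_ip_temp where ip='" + ip + "'"))
        {
            count = (int)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select ipcount from per_ip_temp where ip='" + ip + "'");
        }
        else
        {
            LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(
                "insert into per_ip_temp (ip,per_id) values('" + ip + "','" + perId + "')");
        }

        if (count > 5)
        {
            return " 失败:每个人24小时内能投五次";
        }

        // The cookie counter lives in the browser, so the voter can clear or edit it. It is a
        // courtesy check only; the per-address row above is the sole server-side limit, and
        // that one is shared by everyone behind the same NAT or proxy. A missing or
        // non-numeric cookie counts as zero; previously it raised a format exception that the
        // catch below reported as a failed vote.
        int cookieCount;
        if (!int.TryParse(panduan_cook(), out cookieCount) || cookieCount < 0)
        {
            cookieCount = 0;
        }

        if (cookieCount >= 5)
        {
            return "失败:每个人24小时内只能投五次";
        }

        write_cook(cookieCount + 1);
        toupioa(ip, count);
        return "投票成功:你今天第" + count + "次票";
    }
    catch
    {
        // Best-effort by design: any failure is reported with the generic message.
        // NOTE(review): nothing is logged here, so database errors are invisible to operators.
        return "你没有请选择";
    }
}

/// <summary>
/// Adds one vote to the candidate named by the query-string value "id" and increments the
/// stored counter for <paramref name="ip"/>.
/// </summary>
/// <param name="ip">Client address whose per_ip_temp row is incremented.</param>
/// <param name="count">Not read by this method.</param>
/// <exception cref="ArgumentException">
/// The query-string id is not a non-negative integer, or <paramref name="ip"/> is not an IP
/// address literal.
/// </exception>
protected void toupioa(string ip, int count)
{
    // Validate again here: the method is protected, so it can be reached without going
    // through toupiao, and both values are concatenated into SQL text below.
    int perId;
    if (!try_get_query_id(out perId))
    {
        throw new ArgumentException("Query-string value 'id' is not a non-negative integer.");
    }

    string safeIp;
    if (!try_normalize_ip(ip, out safeIp))
    {
        throw new ArgumentException("Value is not an IP address literal.", "ip");
    }

    string voteSql = "update per_info set per_nuber=per_nuber+1 where id=" + perId;
    string counterSql = "update per_ip_temp set ipcount=ipcount+1 where ip='" + safeIp + "'";
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(voteSql);
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(counterSql);
}

/// <summary>Stores <paramref name="i"/> in the "user" cookie with a one-day expiry.</summary>
/// <param name="i">Counter value to write.</param>
private void write_cook(int i)
{
    HttpCookie hc = new HttpCookie("user");
    hc.Value = i.ToString();
    hc.Expires = System.DateTime.Now.AddDays(1);
    System.Web.HttpContext.Current.Response.Cookies.Add(hc);
}

/// <summary>Returns the value of the "user" request cookie, or "" when it is absent.</summary>
/// <returns>The raw, client-supplied cookie text; callers must not assume it is numeric.</returns>
private string panduan_cook()
{
    HttpCookie hc = System.Web.HttpContext.Current.Request.Cookies["user"];
    if (hc != null)
    {
        return hc.Value;
    }

    return "";
}

// Reads the query-string value "id" and accepts it only when it consists of digits alone.
private static bool try_get_query_id(out int id)
{
    string raw = System.Web.HttpContext.Current.Request.QueryString.Get("id");
    return int.TryParse(
        raw,
        System.Globalization.NumberStyles.None,
        System.Globalization.CultureInfo.InvariantCulture,
        out id);
}

// Accepts raw only when it parses as an IP address and hands back the framework-formatted
// text, so the string placed in SQL is never the caller-supplied one.
private static bool try_normalize_ip(string raw, out string ip)
{
    System.Net.IPAddress parsed;
    if (raw != null && System.Net.IPAddress.TryParse(raw, out parsed))
    {
        ip = parsed.ToString();
        return true;
    }

    ip = null;
    return false;
}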