asp防注入效果代码放在conn.asp里就行了。
'屏蔽通过地址栏攻击
url=Request.ServerVariables(QUERY_STRING)
if instr(url,;)>=1 then
url=Replace(url,;,;) : Response.Redirect(? & url)
end if
'屏蔽通过表单攻击
for each item in request.form
stritem=lcase(server.HTMLEncode(Request.form(item)))
if instr(stritem,select )>=1 or instr(stritem,insert )>=1 or instr(stritem,update )>=1 or instr(stritem,delete )>=1 or instr(stritem,exec )>=1 or instr(stritem,declare )>=1 then
response.write (对不起,请不要输入非法字符!)
response.end
end if
next