防范跨站点脚本攻击的的方法
1.利用空格替换特殊字符%<>{};&+-"'()
2.使用@,具体而言是将以下语句
exec="insertintouser(username,psw,sex,department,phone,email,demo)values('"&username&"','"&psw&"','"&sex&"','"&department&"','"&phone&"','"&email&"','"&@demo&"')"
conn.executeexec
替换成:
exec="insertintouser(username,psw,sex,department,phone,email,demo)values('@username','@psw','@sex','@department','@phone','@email','@demo')"
conn.executeexec