asp防注入效果程式碼放在conn.asp裡就行了。
'屏蔽透過網址列攻擊
url=Request.ServerVariables(QUERY_STRING)
if instr(url,;)>=1 then
url=Replace(url,;,;) : Response.Redirect(? & url)
end if
'屏蔽通過表單攻擊
for each item in request.form
stritem=lcase(server.HTMLEncode(Request.form(item)))
if instr(stritem,select )>=1 or instr(stritem,insert )>=1 or instr(stritem,update )>=1 or instr(stritem,delete )>=1 or instr(stritem,exec )>=1或 instr(stritem,declare )>=1 then
response.write (對不起,請不要輸入非法字元!)
response.end
end if
next