'屏蔽通过地址栏攻击

url=Request.ServerVariables("QUERY_STRING")

ifinstr(url,";")>=1then

url=Replace(url,";","；"):Response.Redirect("?"&url)

endif

'屏蔽通过表单攻击

foreachiteminrequest.form

stritem=lcase(server.HTMLEncode(Request.form(item)))

ifinstr(stritem,"select")>=1orinstr(stritem,"insert")>=1orinstr(stritem,"update")>=1orinstr(stritem,"delete")>=1orinstr(stritem,"exec")>=1orinstr(stritem,"declare")>=1then

response.write("对不起,请不要输入非法字符!")

response.end

endif

next