Methods for Preventing Cross-Site Scripting Attacks in ASP



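Methods for preventing cross-site scripting attacks
1. Replace the special characters % < > { } ; & + - "  ( ) with spaces.
2. Use @ parameter placeholders instead of concatenating input into the SQL string. Specifically, take the following statements: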
exec="insert into user(username,psw,sex,department,phone,email,demo) values("&username&","&psw&","&sex&","&department&","&phone&","&email&","&demo&")"
conn.execute exec
and replace them with:
exec="insert into user(username,psw,sex,department,phone,email,demo) values(@username,@psw,@sex,@department,@phone,@email,@demo)"
conn.execute exec
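
The following is an added example, not code from the original article, showing one way the placeholder statement in item 2 can be bound to values through an ADODB.Command in classic ASP. It assumes conn is an already open ADODB.Connection, uses positional ? markers (which ADO text commands accept) in place of the article's @name placeholders, and treats the form field names and column lengths as assumptions.

```vbscript
<%
' Added example, not the article's code. Assumptions: conn is an open
' ADODB.Connection; form field names and column lengths are illustrative.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

' Bind one text value as a parameter; it travels as data, never as SQL text.
Sub AddTextParam(cmd, value, maxLen)
    Dim s
    s = Left(CStr(value), maxLen)   ' cap length to the assumed column size
    cmd.Parameters.Append cmd.CreateParameter("", adVarWChar, adParamInput, maxLen, s)
End Sub

Dim cmd, fields, sizes, i
fields = Array("username", "psw", "sex", "department", "phone", "email", "demo")
sizes  = Array(50, 64, 10, 50, 30, 100, 255)   ' assumed column lengths

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Same statement as in item 2, with positional ? markers in place of @names.
cmd.CommandText = "insert into user(username,psw,sex,department,phone,email,demo) " & _
                  "values(?,?,?,?,?,?,?)"

' Parameters are matched to the ? markers by the order they are appended.
For i = 0 To UBound(fields)
    AddTextParam cmd, Request.Form(fields(i)), sizes(i)
Next

cmd.Execute
Set cmd = Nothing

' When a submitted or stored value is written back into a page, encode it
' so the browser renders it as text rather than markup.
Response.Write Server.HTMLEncode(CStr(Request.Form("username")))
%>
```

Binding keeps user input out of the SQL text; the Server.HTMLEncode call on output is what stops a stored value from being interpreted as script when the page is rendered.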