asp防范跨站点脚本攻击的的方法

防范跨站点脚本攻击的的方法
1.利用空格替换特殊字符 % < > { } ; & + - " " （）
2.使用@,具体而言是将以下语句
exec="insert into user（username,psw,sex,department,phone,email,demo） values（""&username&"",""&psw&"",""&sex&"",""&department&"",""&phone&"",""&email&"",""&@demo&""）"
conn.execute exec
替换成:
exec="insert into user（username,psw,sex,department,phone,email,demo） values（"@username","@psw","@sex","@department","@phone","@email","@demo"）"
conn.execute exec