第三步： 根据数据库JS注入的特性(会包括 < script、 < /script > 和http://这样的字符)，在conn.asp里面放入如下代码：

  Function Cheack_Sqljs()'防止数据库外链JS注入:true为发现外链JS注入。

   Dim F_Post
   Dim F_Get

   Cheack_Sqljs = False

   If Request.Form <> "" Then'表单提交时的检测For Each F_Post In Request.Form If (Instr(LCase(Request.Form(F_Post)),"<script")<>0 or Instr(LCase(Request.Form(F_Post)),"</script>")<>0) and Instr(LCase(Request.Form(F_Post)),"http://")<>0 Then

    Cheack_Sqljs = True

    Exit For

   End If

  Next

 End If

 If Request.QueryString <> "" Then'QueryString提交时的检测For Each F_Get In Request.QueryString If (Instr(LCase(Request.Form(F_Get)),"<script")<>0 or Instr(LCase(Request.Form(F_Get)),"</script>")<>0) and Instr(LCase(Request.Form(F_Get)),"http://")<>0 Then

  Cheack_Sqljs = True

  Exit For

 End If

Next

End If

End Function

Function CheckDataFrom()'检查提交数据来源：True为数据从站外提交过来的

 CheckDataFrom = True

 server_v1 = CStr(Request.ServerVariables("HTTP_REFERER")) server_v2 = CStr(Request.ServerVariables("SERVER_NAME")) If Mid(server_v1,8,Len(server_v2)) <> server_v2 Then

  CheckDataFrom = False

 End If

End Function

If Cheack_Sqljs Or CheckDataFrom Then

 Response.Write "<Script Language=JavaScript>alert('禁止执行，非法操作。');</Script>" Response.End()

End If