我有个ASP页面被360检测出XSS漏洞,请帮忙解决!
这是代码:<!--#include file="conn1.asp"-->
<!--#include file="config.asp"-->
<%
dim rs,sql,b,bb,i,tj,class1,class2,cnmai,diqu
set rs=server.createobject("ADODB.recordset")
class1=trim(request("class1"))
class2=trim(request("class2"))
leixing=trim(request("leixing"))
diqu=request("diqu")
cnmai=request("cnmai")
if request("page")="" then
ThisPage=1
else
ThisPage=request("page")
end if
%>
<HTML><HEAD><TITLE><%=title%>-阿坝二手交易网|阿坝二手|阿坝二手市场|阿
坝2手|阿坝跳蚤市场|</TITLE>
<META NAME="Keywords" CONTENT="|阿坝二手房产|阿坝房屋出租|阿坝二手车|
阿坝二手电脑|阿坝二手家具|阿坝二手手机|阿坝求职招聘">
<meta name="description" content="阿坝二手网是阿坝地区专业的二手门户信
息交易平台,网站具有发布,查询,浏览二手信息,发布,刊登广告等强大的功能"
/>
<link href="css/Css.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html;
charset=gb2312"></HEAD>
<BODY topMargin=0>
<!--#include file="top.asp" -->
<!--#include file=bar.asp-->
<div align="center">
<table width="986" height="114" border="0" bgcolor="#FFFFFF">
<tr><td width="205" valign="top">
<%if cnmai=1 then %>
<TABLE width="100%" border=0 cellPadding=0 cellSpacing=0
height="90"><tr><td>
<div align="center"><img border="0" src="images/a2.gif" width="170"
height="45"></div></td>
<tr><td>
<img border="0" src="images/point05.gif" width="9" height="12"> <%
dim rs2,sql2
set rs2=server.createobject("adodb.recordset")
sql2="select * from [class1] where id="&class1&" order by paixu desc"
rs2.open sql2,conn,1,1
do while not rs2.eof
response.write "<a href=""info.asp?
class1="&class1&"&cnmai=1""><b>"&rs2("class1")&"</b></a><br>"
exit do
loop
rs2.close
set rs2=nothing
%>
<%
dim rs1,sql1
set rs1=server.createobject("adodb.recordset")
sql1 = "select * from class2 where class1="&class1&" order by paixu
desc"
rs1.open sql1,conn,1,1
do while not rs1.eof
response.write "<a href=""info.asp?class1="&class1&"&class2="&rs1
("id")&"&cnmai=2"">"&rs1("class2")&"</a><br>"
rs1.movenext
loop
rs1.close
set rs1=nothing
%>
</td>
<tr>
<td align="center" width="193">
</td>
</tr>
<tr>
<%
dim j
sql="select top 4 * from xinxi where class1="&class1&" and yz=1 and
tupian<>'0'and tuijian=1 order by fbsj desc,ID desc"
rs.open sql,conn,1,1
while not rs.eof
%>
<%for j=0 to 0
if rs.eof then
exit for
end if
%>
<td align="center" width="193">
<a title="<%=rs("biaoti")%>" target="_blank" href="xinximemo.asp?
cnmai=<%=rs("id")%>">
<IMG src="uptupian/<%=rs("tupian")%>" width="124" height="98" border=1
style="border: 1px solid #C0C0C0; ; padding-left:2px; padding-
right:2px" ><br><%=mid(rs("biaoti"),1,16)%></a></td>
<%
rs.movenext
next
%>
</tr>
<%
wend
rs.close
%>
</table>
<div align="center">
<%else%>
</div>
<table>
<tr>
<%
sql="select top 8 * from xinxi where yz=1 and tupian<>'0'and
tuijian=1 order by fbsj desc,ID desc"
rs.open sql,conn,1,1
while not rs.eof
%>
<%for j=0 to 0
if rs.eof then
exit for
end if
%>
<td align="center" width="192">
<a title="<%=rs("biaoti")%>" target="_blank" href="xinximemo.asp?
cnmai=<%=rs("id")%>">
<IMG src="uptupian/<%=rs("tupian")%>" width="124" height="98" border=1
style="border: 1px solid #C0C0C0; ; padding-left:2px; padding-
right:2px" ><br><%=mid(rs("biaoti"),1,16)%></a></td>
<%
rs.movenext
next
%>
</tr>
<%
wend
rs.close
%>
</table>
<%end if%>
<td width="771" valign="top">
<table width="100%" id="table1">
<tr>
<td height="75" valign="top" width="100%" colspan="2">
<div align="center">
<table border="1" width="100%" id="table1" cellspacing="1"
bordercolor="#D1F299" style="border-collapse: collapse">
<tr>
<td style="width: 51; background-color:#ffffff" align="center"
height="25">方式</td>
<td style="width: 249px; background-color:#ffffff" align="center"
height="25">
标题/简介 <font color="#008080">(<img border="0"
src="images/num/pic.gif" width="13" height="13">-图片
<img border="0" src="images/num/jsq.gif" width="12" height="12">-置顶
<img border="0" src="images/num/jian.gif" width="15" height="15">-推荐
)</font></td>
<td style="width: 70px; background-color:#ffffff" align="center"
height="25">
地区</td>
<td style="width: 50px; background-color:#ffffff" align="center"
height="25">
价格</td>
<td style=" background-color:#ffffff" align="center" height="25">
击/回</td>
<td style="width: 65px; background-color:#ffffff" align="center"
height="25">日期</td>
</tr>
<%
dim ThisPage,Pagesize,Allrecord,Allpage,leixing
tj=0
Select Case cnmai
Case "1"
sql = "select * from xinxi where yz=1 and class1="&class1&" order by b
desc,id desc"
Case "2"
sql = "select * from xinxi where yz=1 and class1="&class1&" and
class2="&class2&" order by b desc,id desc"
Case "3"
sql = "select * from xinxi where yz=1 and leixing="&leixing&" order by
b desc,id desc"
Case "4"
sql = "select * from xinxi where yz=1 and diqu="&diqu&" order by b
desc,id desc"
Case "5"
sql = "select * from xinxi where yz=1 and tuijian=1 order by b desc,id
desc"
Case Else
sql = "select * from xinxi where yz=1 order by b desc,id desc"
' ,fbsj desc
End Select
rs.open sql,conn,1,1
rs.Pagesize=30
Pagesize=rs.Pagesize
Allrecord=rs.Recordcount
Allpage=rs.Pagecount
if ThisPage<1 then
ThisPage=1
end if
On Error Resume Next
rs.move (ThisPage-1)*Pagesize
if rs.eof then
response.write "还没有添加信息!"
else
do while not rs.eof
b=trim(rs("b"))
bb=len(b)
response.write "<tr>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff""
align=""middle"" height=""22"">"
Select Case rs("leixing")
Case "1"
response.write "<font
color=""#800000"">"&leixing1&"</font>"
Case "2"
response.write "<font
color=""#FF00FF"">"&leixing2&"</font>"
Case "3"
response.write "<font
color=""#008000"">"&leixing3&"</font>"
Case "4"
response.write "<font
color=""#FF6600"">"&leixing4&"</font>"
Case "5"
response.write "<font
color=""#ff0000"">"&leixing5&"</font>"
Case "6"
response.write "<font
color=""#000080"">"&leixing6&"</font>"
Case "7"
response.write "<font
color=""#0000FF"">"&leixing7&"</font>"
Case "8"
response.write "<font
color=""#008080"">"&leixing8&"</font>"
Case Else
response.write "<font
color=""#000000"">"&leixing9&"</font>"
End Select
response.write "</td>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff"" align=""left""
height=""22"">"
if rs("tupian")<>"0" then
response.write "<img src=""images/num/pic.gif"" alt=""有图片"">"
end if
response.write "<a target=""_blank"" title="""&rs("name")&"-发布
于"&datevalue(rs("fbsj"))&""" href=xinximemo.asp?cnmai="&rs("id")&">"
if rs("a")="0" then
response.write ""&rs("biaoti")&""
else
response.write "<font color=#"&rs("a")&"><b>"&rs("biaoti")
&"</b></font>"
end if
response.write "</a>"
if b<>0 then
response.write "<img src=""images/num/jsq.gif"">"
for i=1 to bb
response.write "<img src=""images/num/"&Mid(b,i,1)&".gif"">"
next
end if
if rs("tuijian")="1" then
response.write "<img src=""images/num/jian.gif"" alt=""本站推荐"">"
end if
response.write "</td>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff""
align=""middle"" width=""70"" height=""22"">"&rs("diqu")&"</td>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff""
align=""middle"" height=""22"">"
if rs("jiage")=0 then
response.write "面 议"
else
response.write rs("jiage")
end if
response.write "</td>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff""
align=""middle"" height=""22"" width=""65"">"&rs("llcs")&"/"&rs
("hfcs")&"</td>"
response.write "<td style=""BACKGROUND-COLOR: #ffffff""
align=""middle"" height=""22"" width=""65"">"&datevalue(rs("fbsj"))
&"</td></tr>"
tj=tj+1
rs.movenext
if tj>=Pagesize then exit do
loop
end if
rs.close
set rs=nothing
%>
</table>
</div>
<div align="center">
<center>
<table border="0" cellpadding="0" style="border-collapse: collapse"
bordercolor="#111111" width="100%" bgcolor="#F2F2F2">
<tr>
<td height="25" width="151">
<p align="center">
共有 <font color="#CC5200"><%=Allrecord%></font> 条记录</td>
<td height="25" width="126">
<p align="center">共 <font color="#CC5200"><%=Allpage%></font> 页</td>
<td height="25" width="118">
<p align="center">现在是第
<font color="#CC5200"><%=ThisPage%></font> 页</td>
<td height="25" width="157">
<p align="center">
<%
if ThisPage<2 then
response.write "<font color=""#808080"">首页</font> "
response.write "<font color=""#808080"">上一页</font> "
else
response.write "<a href=?
page=1&class1="&class1&"&class2="&class2&"&cnmai="&cnmai&">首页
</a> "
response.write "<a href=?page="&ThisPage-
1&"&class1="&class1&"&class2="&class2&"&cnmai="&cnmai&">上一页
</a> "
end if
if Allpage-ThisPage<1 then
response.write "<font color=""#808080"">下一页</font> "
response.write "<font color=""#808080"">尾页</font> "
else
response.write "<a href=?page="&(ThisPage+1)
&"&class1="&class1&"&class2="&class2&"&cnmai="&cnmai&">下一页
</a> "
response.write "<a href=?
page="&Allpage&"&class1="&class1&"&class2="&class2&"&cnmai="&cnmai&">
尾页</a> "
end if
%></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</table>
</div>
<!--#include file="end2.htm" -->
</BODY></HTML>
<%
Conn.Execute("Update xinxi Set b=0 where DateDiff('D',fbsj,now())
>="&b_y&" and rz=1")
closedb
%>
