以前没有加入防注入的代码,被别人注入了,
但后来加了代码,并把注入代码都删除了,
今天打开网站 后又发现了被人挂马了,
请问怎么才能安全的防止注入
以下 是我加的  防注入代码,代码是加在CONN.ASP文件中的
<%
'检测SQL注入,发现注入语法,直接报非法输入,并退出

'检测非字符
'SQL_injdata = "'|exec |insert |select |update |delete |set |xp_cmdshell |exec master|xp_dirtree |exec master |char |net localgroup administrators | and |net user | or |mid( |asc( |truncate |cast|declare|exec|varchar"
SQL_injdata = "'|exec |insert |select |update |delete |set |xp_cmdshell |exec master|xp_dirtree |exec master |char |net localgroup administrators | and |net user | or |mid( |asc( |truncate |declare|exec|varchar"
SQL_inj = split(SQL_Injdata,"|")

'检测GET
If Request.QueryString<>"" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data=0 To Ubound(SQL_inj)
            if instr(lcase(Request.QueryString(SQL_Get)),Sql_Inj(Sql_DATA))>0  Then
                response.write "输入非法"
                Response.end
            end if
        next
    Next
End If

'检测POST
If Request.Form<>"" Then
    For Each Sql_Post In Request.Form
        For SQL_Data=0 To Ubound(SQL_inj)
            if instr(lcase(Request.Form(Sql_Post)),Sql_Inj(Sql_DATA))>0 Then
                response.write "输入非法"
                Response.end
            end if
        next
    next
end if

'检测cookie
If Request.Cookies<>"" Then
    For Each Sql_Cookie In Request.Cookies
        For SQL_Data=0 To Ubound(SQL_inj)
            if instr(lcase(Request.Cookies(Sql_Cookie)),Sql_Inj(Sql_DATA))>0 Then
                response.write "输入非法"
                Response.end
            end if
        next
    next
end if
%>