Put it in conn.asp. Mask through the address bar attack url = request.servervariables ("query_string") if IF INSTR (URL, ";")> = 1 tell = Replace (URL, ";", ";": Response.redirect ("?" URL) END IF Mask through Form Attack for Each Item in Request.FormStritem = LCase (Server.htmlencode (Request.form (Item))) IF INSTR (Stritem, "SELECT")> = 1 or Instr (Stritem, "INSERT" )> = 1 or INSTR (Stritem, "Update")> = 1 or INSTR (StriteM, "Stritem," Exec ")> = 1 Or Instr (Stritem," Declare ">> = 1 ThenResponse.write ("Sorry, please do not enter illegal characters!") Response.Endend IfNext
