求助ASP+ACCESS SQL注入漏洞修复
问题:扫描漏洞总是有注入漏洞,不知道怎么修改,求达人帮助,跪谢!
下面是代码
<!--#include file="../include/error.asp"-->
<!--#include file="../include/check.asp"--><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
</head>
<body class="about">
<%
Call OpenConnection()
Set rst=Server.CreateObject("ADODB.RecordSet")
Set rs=Server.CreateObject("ADODB.RecordSet")
Catalogid=request("catalogid")
productid=request("productid")
if productid="" then productid=1
Call CheckKeyword(catalogid)
Call CheckKeyword(productid)
if catalogid="" then catalogid=1
%>
<div class="mainwrap">
<!--#include file="../include/head.asp"-->
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<div class="bannerwrap"><img src="../profile_images/<%=rst("banner_photo")%>" width="960" height="150" /></div>
<%
end if
rst.Close
%>
<div class="subbody">
<div class="left">
<div class="maintitle" id="title7">EMBA项目</div>
<div class="maincontent" id="content7"><!--#include file="../include/left.asp"--></div><!--#include file="../include/contactus.asp"-->
</div>
<div class="right">
<div class="maintitle" id="title8">您现在的位置:<a href="/index.asp">首页</a> > <a href="/profile/profile.asp?catalogid=1&productid=15">EMBA项目</a> >
<% productid=request("productid")%>
<% rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then%>
<%=rst("product_name")%>
<% end if
rst.Close%></div>
<div class="maincontent" id="content8">
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<%=rst("product_desc")%>
<%
end if
rst.Close
%>
</div>
</div>
</div>
<!--#include file="../include/foot.asp"-->
</div>
<%
set rs=nothing
set rst=nothing
Call CloseConnection()
%>
</body>
</html>