加上防SQL注入语句
比如:

<%
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Fy_In = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"

If Request.QueryString<>"" Then
  For Each Fy_Get In Request.QueryString
    For Fy_Xh=0 To Ubound(Fy_Inf)
      If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
        Response.Write "<Script Language=JavaScript>alert('严重警告：请不要在参数中包含非法字符尝试注入！');</Script>"
        Response.Write "非法操作：系统做了如下记录<br>"
        Response.Write "操作ＩＰ："&Request.ServerVariables("REMOTE_ADDR")&"<br>"
        Response.Write "操作时间："&Now&"<br>"
        Response.Write "操作页面："&Request.ServerVariables("URL")&"<br>"
        Response.Write "提交方式：ＧＥＴ<br>"
        Response.Write "提交参数："&Fy_Get&"<br>"
        Response.Write "提交数据："&Request.QueryString(Fy_Get)
        Response.End
      End If
    Next
  Next
End If