Finish studying this web page as soon as possible
https://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/
https://msdn.microsoft.com/en-us/library/ff650760.aspx
https://msdn.microsoft.com/en-us/library/ff649310.aspx
https://vulncat.fortify.com/en/vulncat/IPV.html
http://blog.csdn.net/wd330260402/article/details/5977989
http://www.w3school.com.cn/asp/met_htmlencode.asp
https://wiki.mobilehealth.va.gov/display/OISSWA/How+to+resolve+scanning+issues+reported+by+Fortify
https://msdn.microsoft.com/en-us/library/ff649310.aspx
Security Note:
Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler) tool, a hex editor, or by simply opening up the assembly in a text editor like notepad.exe.
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
http://www.activexperts.com/support/network-monitor/online/ii6metabase/
https://wiki.mobilehealth.va.gov/pages/viewpage.action?pageId=26772105