Thesis

Precision measurement of Web Detection and Prevention System (網頁偵測防禦系統之精確度測量)

Advisor: 林金城

Abstract


Injection attacks are both extremely dangerous and ubiquitous, and their year-on-year increase forces administrators to understand what injection attacks are and to learn how to defend against them. Unfortunately, although it is a good thing that administrators learn to defend against injection attacks, some set filtering conditions that are far too strict, which drives up the false-positive rate; and checking every HTTP request for attack behaviour would require a powerful computing centre before each request could be verified. Our system therefore provides a mechanism that analyses the vulnerability at each injection point and derives a set of rules to defend it. Administrators usually exhaust their effort simply keeping a site running, so our system helps them filter users and tune the filtering rules, and lets them observe attacker behaviour through the system. Given this, I hope administrators can discover which vulnerabilities exist in their own sites and either fix the code themselves or defend with our system's filtering rules. When our system identifies an attacker, it redirects the attacker to a high-interaction system, where we record the user's attack behaviour in order to adjust our defence rules; administrators can then respond appropriately. This does not affect the operation of the original site, isolates the attacker in a separate space, and allows attack patterns to be derived from observing attacker behaviour.

Abstract (English)


Injection attacks are extremely dangerous and can appear anywhere, and their number has risen every year, forcing administrators to understand injection attacks and learn to defend against them. Unfortunately, although learning to defend against injection attacks is a good thing, some administrators set filtering conditions that are too strict, and the false-positive rate rises as a result; moreover, judging every HTTP request for attack behaviour would require a powerful computing centre before every request could be validated. Our system provides a mechanism that analyses the vulnerability at each injection point and puts forward a set of rules to defend it. Administrators usually exhaust their effort just maintaining the basic operation of the site, so our system helps them filter users and adjust the filtering rules, and also lets them observe the attacker's behaviour through the system. Given the above, I hope administrators can find which vulnerabilities exist in their own sites and either modify the program themselves or use our system's filtering rules for defence. When our system identifies an attacker, the attacker is guided to the high-interaction system, where we record the user's attacks in order to adjust our defence rules, so that administrators can take the appropriate response. This does not affect the operation of the original site, isolates the attacker in another space, and lets attack patterns be sorted out from the observed behaviour of the attacker.
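The abstract's two claims, that over-strict filtering conditions raise the false-positive rate and that per-injection-point rules avoid this, can be measured directly. The following is an added example, not code from the thesis: two rule sets are run over a small constructed, labelled request sample, precision, recall and false-positive rate are computed for each, and flagged requests are routed to a high-interaction system rather than the site. The parameter names (`id`, `q`, `title`), the expected-type table, the regular expressions and the sample traffic are all assumptions made for illustration.

```python
# Added example, not code from the thesis: a small rule-based injection
# filter measured for precision, recall and false-positive rate over a
# constructed, labelled request sample, with flagged requests routed to a
# high-interaction system instead of the protected site. Parameter names
# ("id", "q", "title"), the rules and the sample traffic are all assumptions.
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit


@dataclass(frozen=True)
class Request:
    target: str       # request-target as logged: path plus query string
    is_attack: bool   # ground-truth label, constructed for measurement only


def injection_points(req):
    """Decode the query string into (parameter, value) pairs; each parameter
    is one injection point in the sense the abstract uses."""
    return parse_qsl(urlsplit(req.target).query, keep_blank_values=True)


# Rule set A, deliberately too strict: any apostrophe or bare SQL keyword in
# any parameter is treated as an attack, whatever the parameter is for.
STRICT_TOKENS = re.compile(r"'|\b(select|union|or|drop|insert)\b", re.IGNORECASE)


def strict_rules(req):
    return any(STRICT_TOKENS.search(value) for _, value in injection_points(req))


# Rule set B, derived per injection point from what each parameter is expected
# to hold (the "analyse each injection point, then derive rules" idea).
EXPECTED_TYPE = {"id": "int", "q": "text", "title": "text"}   # assumed site schema
INT_ONLY = re.compile(r"^\d+$")
# For free-text parameters reject only SQL/HTML structure, not vocabulary.
STRUCTURE = re.compile(
    r"<\s*script|\bunion\s+select\b|;\s*drop\b|\bor\s+1\s*=\s*1\b", re.IGNORECASE
)


def tuned_rules(req):
    for name, value in injection_points(req):
        kind = EXPECTED_TYPE.get(name, "text")
        if kind == "int" and not INT_ONLY.match(value):
            return True
        if kind == "text" and STRUCTURE.search(value):
            return True
    return False


# Constructed sample traffic with labels; benign rows deliberately contain an
# apostrophe and SQL vocabulary so the strict rule set's false positives show.
SAMPLE = [
    Request("/item?id=42", False),
    Request("/search?q=red+shoes", False),
    Request("/search?q=O%27Reilly+books", False),
    Request("/article?title=select+committee+report", False),
    Request("/search?q=drop+off+locations", False),
    Request("/item?id=42+OR+1%3D1", True),
    Request("/item?id=1%27+UNION+SELECT+username%2Cpassword+FROM+users--", True),
    Request("/search?q=shoes%27+OR+1%3D1--", True),
    Request("/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E", True),
]


def measure(rule, requests):
    """Confusion counts plus precision, recall and false-positive rate for a rule set."""
    tp = fp = fn = tn = 0
    for req in requests:
        flagged = bool(rule(req))
        if flagged and req.is_attack:
            tp += 1
        elif flagged:
            fp += 1
        elif req.is_attack:
            fn += 1
        else:
            tn += 1
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def route(rule, req):
    """Flagged requests go to the high-interaction system and are recorded for
    rule tuning; everything else reaches the site untouched."""
    if rule(req):
        return {"destination": "high-interaction", "record": True, "target": req.target}
    return {"destination": "site", "record": False, "target": req.target}


if __name__ == "__main__":
    for name, rule in (("strict", strict_rules), ("tuned", tuned_rules)):
        print(name, measure(rule, SAMPLE))
    for req in SAMPLE:
        print(route(tuned_rules, req))
```

On this sample the keyword-anywhere rule set flags three benign requests (an apostrophe in a name, and the words "select" and "drop" in ordinary text) and still misses the script-tag request, so its precision is 0.5; the per-parameter rule set, which knows that `id` must be an integer and only rejects structure in free text, reaches precision 1.0 with no false positives. The `route` decision is what lets the site keep serving normal users while flagged traffic is isolated and logged for tuning.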
