1. URL address anti-injection:
// Filter SQL keywords and special characters out of the URL query string
var sUrl = location.search.toLowerCase();
var sQuery = sUrl.substring(sUrl.indexOf("=") + 1);
var re = /select|update|delete|truncate|join|union|exec|insert|drop|count|'|"|;|>|<|%/i;
if (re.test(sQuery))
{
    alert("Do not enter invalid characters");
    location.href = sUrl.replace(sQuery, "");
}
2. Text box input anti-injection:
Include the following JS:
// Prevents SQL injection
function antisqlvalid(ofield)
{
    var re = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
    if (re.test(ofield.value))
    {
        // alert("Please do not enter special characters and SQL keywords in parameters!"); // Note: Chinese text may appear garbled
        ofield.value = "";
        ofield.className = "errinfo";
        ofield.focus();
        return false;
    }
    return true;
}
Add the following call for each input text box that requires anti-injection:
txtname.Attributes.Add("onblur", "antisqlvalid(this)"); // prevents SQL script injection
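The text-box pattern above, run over constructed inputs, next to a per-parameter allow-list check of the query string. This is an added example, not code from the original page. The names `falsePositives`, `invalidParams`, the `rules` map and the parameters `id` and `name` are assumptions made for illustration.

```javascript
// Added example; function names, rules and sample values are assumptions.
// The page's text-box pattern (keywords plus ' " = ; > < %).
const blacklist = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;

// Constructed sample values an ordinary user might enter.
const samples = ["O'Brien", "discount code", "Account update", "50% off", "Smith", "1024"];

// Values the keyword blacklist rejects although they are ordinary text.
function falsePositives(values) {
  return values.filter((v) => blacklist.test(v));
}

// Allow-list rules keyed by parameter name (hypothetical parameters).
// A Map is used so inherited object properties are never treated as rules.
const rules = new Map([
  ["id", /^[0-9]{1,10}$/],                  // numeric record id
  ["name", /^\p{L}[\p{L} '.-]{0,63}$/u],    // letters, space, apostrophe, dot, hyphen
]);

// Parse the query string (URLSearchParams decodes percent-escapes) and
// return the names of parameters that are unknown or fail their rule.
function invalidParams(search) {
  const bad = [];
  for (const [key, value] of new URLSearchParams(search)) {
    const rule = rules.get(key);
    if (!rule || !rule.test(value)) bad.push(key);
  }
  return bad;
}

console.log(falsePositives(samples));
console.log(invalidParams("?id=1024&name=O%27Brien"));
console.log(invalidParams("?id=10x&name=Smith&debug=1"));
```

Checks that run in the browser can be skipped by the client, so the server still has to validate the same parameters and pass them to the database through parameterized queries.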
Source: http://www.51obj.cn/