Two Simple JS Snippets to Prevent SQL Injection
2015-06-06 23:59
1. URL injection filtering:

```javascript
// Filter illegal SQL characters out of the URL
var sUrl = location.search.toLowerCase();
// Everything after the first "=" in the query string
var sQuery = sUrl.substring(sUrl.indexOf("=") + 1);
var re = /select|update|delete|truncate|join|union|exec|insert|drop|count|'|"|;|>|<|%/i;
if (re.test(sQuery))
{
    alert("请勿输入非法字符"); // "Do not enter illegal characters"
    // Reload the page with the offending value stripped from the query string
    location.href = sUrl.replace(sQuery, "");
}
```
2. Input text box injection filtering:

Include the following JS:

```javascript
// Prevent SQL injection
function AntiSqlValid(oField)
{
    var re = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
    if (re.test(oField.value))
    {
        //alert("请您不要在参数中输入特殊字符和SQL关键字!"); // note: the Chinese text may come out garbled (encoding)
        oField.value = "";              // clear the rejected input
        oField.className = "errInfo";   // mark the field with the error style
        oField.focus();
        return false;
    }
}
```
Attach the check to each input text box that needs injection protection as follows:

```csharp
txtName.Attributes.Add("onblur", "AntiSqlValid(this)"); // prevent SQL script injection
```

Original source: http://www.51obj.cn/
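Both checks above run only in the visitor's browser, and a keyword blacklist also rejects ordinary input, so the query itself still has to bind values as parameters on the server. The following added example (not from the original post) counts the false positives of the post's two patterns on constructed sample values and shows a per-field allow-list plus a parameterized query descriptor; `FIELD_RULES`, `buildUserLookup`, the `users` table and the `@name` placeholder are assumptions for illustration.

```javascript
// Added example, not code from the original post.

// The two blacklist patterns exactly as they appear in the post.
const URL_RE = /select|update|delete|truncate|join|union|exec|insert|drop|count|'|"|;|>|<|%/i;
const FIELD_RE = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;

// Constructed sample inputs: ordinary values a user could legitimately enter.
const LEGITIMATE = ["O'Brien", "discount code", "100% cotton", "Selection Committee", "a=b"];

// Return the legitimate values that a blacklist pattern would reject.
function falsePositives(re, values) {
  return values.filter((v) => re.test(v));
}

// Hypothetical per-field allow-list: state what each field may contain
// instead of guessing which substrings look like SQL.
const FIELD_RULES = new Map([
  ["id", /^[0-9]{1,10}$/],
  ["name", /^[\p{L}\p{M}' .-]{1,64}$/u],
]);

// Unknown fields are rejected; known fields must match their rule in full.
function validateField(field, value) {
  const rule = FIELD_RULES.get(field);
  return rule !== undefined && typeof value === "string" && rule.test(value);
}

// Server-side step (assumed table `users`, assumed placeholder `@name`):
// the SQL text is a constant and the value travels separately as a bound
// parameter, so quotes in the value are data and never change the statement.
function buildUserLookup(name) {
  if (!validateField("name", name)) {
    throw new RangeError("name failed validation");
  }
  return {
    text: "SELECT id, name FROM users WHERE name = @name",
    params: { name },
  };
}

// Stand-alone run: show which constructed legitimate values each filter rejects.
console.log("field filter rejects:", falsePositives(FIELD_RE, LEGITIMATE));
console.log("URL filter rejects:  ", falsePositives(URL_RE, LEGITIMATE));
console.log(buildUserLookup("O'Brien"));
```

The descriptor returned by `buildUserLookup` is meant to be handed to the database driver's own parameter-binding API; the allow-list is input hygiene and a usability aid, and the binding is what keeps the value out of the SQL text.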