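看到了一段防止SQL注入的JavaScript代码,但是icech觉得最好还是在后台程序中处理。
<SCRIPT language="JavaScript">
/**
 * Checks that both login fields are filled in.
 *
 * Shows an alert and moves focus to the first empty field. This function does
 * not call IsValid(), so the character filter is not re-applied here.
 *
 * @param {HTMLFormElement} theform - Form exposing UserName and Password controls.
 * @returns {boolean} false when a field is empty, true otherwise.
 */
function Check(theform) {
  if (theform.UserName.value === "") {
    alert("请输入用户名!");
    theform.UserName.focus();
    return false;
  }
  if (theform.Password.value === "") {
    alert("请输入密码!");
    theform.Password.focus();
    return false;
  }
  return true;
}

/**
 * Rejects a field whose value contains an SQL keyword or one of the characters
 * ' " = ; > < % (case-insensitive substring match), clearing the field and
 * returning focus to it.
 *
 * This is an input hint for the user, not a defence against SQL injection:
 * - It runs only in the browser, so the server receives whatever the client
 *   sends whether or not this script ran. The server-side code must bind
 *   UserName and Password as parameters of a prepared statement instead of
 *   concatenating them into the SQL text.
 * - The pattern matches substrings, so ordinary values are rejected too
 *   (a name such as O'Brien, any word containing "select" or "count").
 * - Applied to the password field it forbids ' " = ; > < %, which shrinks the
 *   set of allowed passwords without protecting the query.
 *
 * @param {HTMLInputElement} oField - The input element to inspect.
 * @returns {boolean} false when the value was rejected and cleared, true otherwise.
 */
function IsValid(oField) {
  // Declared locally: the original assigned `re` and `$sMsg` without a
  // declaration, which created two global variables on first call.
  const denylist = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
  const message = "请您不要在参数中输入特殊字符和SQL关键字!";
  if (denylist.test(oField.value)) {
    alert(message);
    oField.value = '';
    oField.focus();
    return false;
  }
  return true;
}
</SCRIPT>
<!-- IsValid runs only when a field loses focus (onblur); the server must still validate and parameterise both values. -->
<input name="UserName" type="text" maxlength="20" id="UserName" onblur="IsValid(this);" style="width:125px;" />
<input name="Password" type="password" maxlength="20" id="Password" onblur="IsValid(this);" style="width:125px;" />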