防止SQL注入Javascript代码:
function IsValid( oField )
{
re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
var re=/^/?(.*)(select%20|insert%20|delete%20from%20|count/(|drop%20table|update%20truncate%20|asc/(|mid/(|char/(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|/"|:|net%20user|/|%20or%20)(.*)$/gi;
$sMsg = "请您不要在参数中输入特殊字符和SQL关键字!"
if ( re.test(oField.value) )
{
alert( $sMsg );
oField.value="";
oField.focus();
return false;
}
}
<input name="name" type="text" id="name" size="30" onBlur="IsValid(this)" >
{
re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
var re=/^/?(.*)(select%20|insert%20|delete%20from%20|count/(|drop%20table|update%20truncate%20|asc/(|mid/(|char/(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|/"|:|net%20user|/|%20or%20)(.*)$/gi;
$sMsg = "请您不要在参数中输入特殊字符和SQL关键字!"
if ( re.test(oField.value) )
{
alert( $sMsg );
oField.value="";
oField.focus();
return false;
}
}
<input name="name" type="text" id="name" size="30" onBlur="IsValid(this)" >
禁止回车提交表单Javascript代码:
<body οnkeydοwn='if(event.keyCode==13) return (event.srcElement.type=="textarea")'>
<form><input>
<input type=submit>
<textarea></textarea>
</form> <SCRIPT language=javascript event=onkeydown for=document>
if(event.keyCode==13){
return false;
}
</SCRIPT>
<form><input>
<input type=submit>
<textarea></textarea>
</form> <SCRIPT language=javascript event=onkeydown for=document>
if(event.keyCode==13){
return false;
}
</SCRIPT>
或者改用HTMLButton
把所有的 type="submit" 的按钮换成 type="button" 然后在为 button 写事件提交