防止SQL注入和禁止回车提交表单Javascript代码
http://blog.csdn.net/zuoyefeng_com/archive/2007/05/23/1623368.aspx 防止SQL注入 防止SQL注入Javascript代码: function IsValid( oField ) { re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i; var re=/^/?(.*)(select%20|insert%20|delete%20from%20|count/(|drop%20table|update%20truncate%20|asc/(|mid/(|char/(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|/"|:|net%20user|/|%20or%20)(.*)$/gi;
$sMsg = "请您不要在参数中输入特殊字符和SQL关键字!" if ( re.test(oField.value) ) { alert( $sMsg ); oField.value=""; oField.focus(); return false; } } <input name="name" type="text" id="name" size="30" onBlur="IsValid(this)" >
禁止回车提交表单Javascript代码: <body οnkeydοwn='if(event.keyCode==13) return (event.srcElement.type=="textarea")'> <form><input> <input type=submit> <textarea></textarea> </form>
<SCRIPT language=javascript event=onkeydown for=document> if (event.keyCode == 13) { return false; } </SCRIPT> 或者改用HTMLButton 把所有的 type="submit" 的按钮换成 type="button" 然后在为 button 写事件提交
|