我的jsp网站上,为了防sql注入,我把以下代码加入到网页中,可是,加入之后我所有的输入表单都不能用了,站内搜索也搜不出东西,请各位高手帮忙看一下是什么问题js版[CODE START]
<script language="javascript">
<!--
var url = location.search;
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table
|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master
|net%20localgroup%20administrators|\"|:|net%20user|\'|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
alert("地址中含有非法字符~");
location.href="error.asp";
}
//-->
<script>
[CODE END]
<script language="javascript">
<!--
var url = location.search;
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table
|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master
|net%20localgroup%20administrators|\"|:|net%20user|\'|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
alert("地址中含有非法字符~");
location.href="error.asp";
}
//-->
<script>
[CODE END]
location.href="error.asp";应为location.href="error.jsp";
第1次见这样的用法
var url = location.search;
那位高手给我个jsp用的防sql注入的代码?