The following will introduce to you how to prevent SQL injection in js code from two aspects. It is very simple and practical. Friends who are interested can refer to it!
1. URL address injection prevention:
//过滤URL非法SQL字符
var sUrl=location.search.toLowerCase();
var sQuery=sUrl.substring(sUrl.indexOf("=")+1);
re=/select|update|delete|truncate|join|union|exec|insert|drop|count|'|"|;|>|<|%/i;
if(re.test(sQuery))
{
alert("请勿输入非法字符");
location.href=sUrl.replace(sQuery,"");
}2. Input text box anti-injection:
/Prevent SQL injection
function AntiSqlValid(oField )
{
re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
if ( re.test(oField.value) )
{
//alert("请您不要在参数中输入特殊字符和SQL关键字!"); //注意中文乱码
oField.value = ";
oField.className="errInfo";
oField.focus();
return false;
} Add the following method to the input text box that needs to be protected from injection
txtName.Attributes.Add("onblur", "AntiSqlValid(this)");//防止Sql脚本注入 The editor will tell you so much about how to prevent SQL injection in JS code. I hope it will be helpful to you!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
