The following shows how to guard against SQL injection in JS code from two aspects: the URL address and text box input. It is very simple and practical. Interested readers can use it as a reference!
1. Anti-injection for the URL address:
    // Filter illegal SQL characters out of the URL
    var sUrl = location.search.toLowerCase();
    // Everything after the first "=" is treated as the value to check
    var sQuery = sUrl.substring(sUrl.indexOf("=") + 1);
    var re = /select|update|delete|truncate|join|union|exec|insert|drop|count|'|"|;|>|<|%/i;
    if (re.test(sQuery)) {
        alert("Do not enter illegal characters");
        // Reload with the offending value stripped from the query string
        location.href = sUrl.replace(sQuery, "");
    }

2. Anti-injection for text box input:
    // Prevent SQL injection
    function AntiSqlValid(oField) {
        var re = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
        if (re.test(oField.value)) {
            // alert("Please do not enter special characters and SQL keywords in the parameters!"); // Note: the Chinese text may be garbled
            oField.value = "";              // clear the rejected input
            oField.className = "errInfo";   // mark the field as invalid
            oField.focus();
            return false;
        }
        return true;
    }

Add the following call for each input text box that requires anti-injection:
    txtName.Attributes.Add("onblur", "AntiSqlValid(this)"); // Prevent SQL script injection

That is all for this introduction to how JS code can guard against SQL injection. I hope it will be helpful to you!
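
Both checks above run in the browser, so the server receives whatever is sent to it and still has to validate each value and pass it to the database as a parameter. The following added example (not code from the original article) shows what the text-box blacklist rejects among ordinary inputs and how the same two values can be handled server-side in JavaScript. The table, column and parameter names, the sample inputs and the `{ text, values }` query shape are assumptions made for illustration.

```javascript
// Added example; table, column and parameter names are hypothetical.
// The article's text-box blacklist, copied so its effect on normal input is visible.
const pageBlacklist = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;

// Constructed sample values: ordinary input with no SQL intent.
const ordinaryInputs = ["O'Brien", "Account manager", "Selected works", "50% off", "Alice"];

// Returns the ordinary values that the blacklist would refuse.
function rejectedByBlacklist(inputs) {
  return inputs.filter((value) => pageBlacklist.test(value));
}

// Server side: validate by expected type (allow-list), not by forbidden words.
function parseId(raw) {
  return typeof raw === "string" && /^[0-9]{1,9}$/.test(raw) ? Number(raw) : null;
}

// Server side: the SQL text is a constant and the value is passed separately,
// so quotes or keywords inside `name` are only ever treated as data.
// The { text, values } shape with $1 placeholders is an assumption (it is the
// form node-postgres accepts); other drivers use ? or named parameters.
function userByNameQuery(name) {
  if (typeof name !== "string" || name.length < 1 || name.length > 100) {
    throw new RangeError("name must be 1 to 100 characters");
  }
  return { text: "SELECT id, name FROM users WHERE name = $1", values: [name] };
}

// Handles a query string as the server receives it, whatever the browser script did.
function handleSearch(search) {
  const params = new URLSearchParams(search);
  const id = parseId(params.get("id"));
  if (id === null) return { status: 400, error: "id must be an integer" };
  try {
    return { status: 200, id, query: userByNameQuery(params.get("name")) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}

console.log(rejectedByBlacklist(ordinaryInputs));
console.log(handleSearch("?id=42&name=O%27Brien"));
```

With a parameterised query, a name such as O'Brien is accepted and stored unchanged, while the blacklist would have cleared the field.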