js防止sql注入的参数过滤
<script language="javascript">
<!--
var url = location.search;
var re = /select%20|update%20|delete%20|truncate%20|join%20|union%20|exec%20|insert%20|drop%20|count|’|"|;|>|<|%/i;
var e = re.test(url); if(e) { alert("地址中含有非法字符~"); location.href="error.asp"; } //--> <script>