<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>防止SQL注入的登录页面</title> <script type="text/javascript"> function Mycheck(str){ var mess="不允许输入的字符:\r\n"; var mark="yes"; if(str.indexOf(";")>=0){ mark="no"; mess+=" ; "; } if(str.indexOf("&")>=0){ mark="no"; mess+=" & "; } if(str.indexOf("<")>=0){ mark="no"; mess+=" < "; } if(str.indexOf(">")>=0){ mark="no"; mess+=" > "; } if(str.indexOf("--")>=0){ mark="no"; mess+=" -- "; } if(str.indexOf("/")>=0){ mark="no"; mess+=" / "; } if(str.indexOf("%")>=0){ mark="no"; mess+=" % "; } if(str.indexOf("'")>=0){ mark="no"; mess+=" ' "; } if(mark=="no"){ alert(mess); return false; } else return return true; } </script> </head> <body style="font-size:12px"> <table width="382" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="99" background="images/login_01.jpg"> </td> </tr> <tr> <td height="160" bgcolor="#FEF7C3"><table width="300" border="0" align="center" cellpadding="3" cellspacing="0"> <form name="form1" onSubmit="Mycheck(form1.txt_name.value)"> <tr> <td height="22" colspan="2" align="center"> </td> </tr> <tr> <td height="22" align="right">管理员:</td> <td height="22"><input name="txt_name" type="text" class="textbox" id="txt_name" size="18" maxlength="50"></td> </tr> <tr> <td height="22" align="right">密 码:</td> <td height="22"><input name="txt_passwd" type="password" class="textbox" id="txt_passwd" size="19" maxlength="50"></td> </tr> <tr> <td height="22" colspan="2" align="center"><input name="login" type="submit" id="login" value="登 录" class="button"> <input type="reset" name="Submit2" value="重 置" class="button"></td> </tr> </form> </table></td> </tr> </table> </body> </html>