javascript 防止特殊字符

javascript  防止sql注入  特殊字符

<SCRIPT language="JavaScript">

function Check(theform) 

{  

if (theform.UserName.value=="") 

{ 

alert("请输入用户名！")

theform.UserName.focus(); 

return (false); 

}

if (theform.Password.value == "") 

{ 

alert("请输入密码！"); 

theform.Password.focus(); 

return (false);

}

}

function IsValid( oField )

{

re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;

$sMsg = "请您不要在参数中输入特殊字符和SQL关键字！"

if ( re.test(oField.value) )

{

alert( $sMsg );

oField.value = '';

oField.focus();

return false;

}

}

</SCRIPT>

<input name="UserName" type="text" maxlength="20" id="UserName" onblur="IsValid(this);" style="width:125px;" />

<input name="Password" type="password" maxlength="20" id="Password" onblur="IsValid(this);" style="width:125px;" />