瞎了小弟我的氪金狗眼,铁道部订票网站是哪个烂程序猿写的!纳税人砸了5千万的银子啊
瞎了我的氪金狗眼,铁道部订票网站是哪个烂程序猿写的!纳税人砸了5千万的银子啊!
简直服了,平时潜水,今天看到这个物体实在忍无可忍
是啊,拿我们纳税人的5千万,造了一个值5万块的网站。
我眼贱手也瘸啊,打开12306.cn时好奇的查看首页的源代码,居然看到这样一大段物体,这货是神马!?
function replaceALL(){ if(typeof(document.getElementById("searchwordl"))=="undefined"||document.getElementById("searchwordl").value==''){ alert("请输入检索条件"); document.getElementById("searchwordl").focus(); return false; } if(typeof(document.getElementById("searchwordl"))!="undefined"){ var searchwordl = document.getElementById('searchwordl').value; var sig = 0; if(searchwordl.indexOf("'") > -1 || searchwordl.indexOf("\"") > -1 || searchwordl.indexOf("%") > -1 || searchwordl.indexOf("#") > -1 || searchwordl.indexOf("&") > -1 || searchwordl.indexOf("*") > -1 || searchwordl.indexOf("(") > -1 || searchwordl.indexOf(")") > -1 || searchwordl.indexOf("@") > -1 || searchwordl.indexOf("`") > -1 || searchwordl.indexOf("/") > -1 || searchwordl.indexOf("\\") > -1 || searchwordl.indexOf(",") > -1 || searchwordl.indexOf(".") > -1 || searchwordl.indexOf("=") > -1 || searchwordl.indexOf("<") > -1 || searchwordl.indexOf(">") > -1) sig = 1; searchwordl=searchwordl.replace("'",""); //searchwordl=searchwordl.replace(" ",""); searchwordl=searchwordl.replace("%",""); searchwordl=searchwordl.replace("#",""); searchwordl=searchwordl.replace("&",""); searchwordl=searchwordl.replace("*",""); searchwordl=searchwordl.replace("(",""); searchwordl=searchwordl.replace(")",""); searchwordl=searchwordl.replace("@",""); searchwordl=searchwordl.replace("`",""); searchwordl=searchwordl.replace("/",""); searchwordl=searchwordl.replace("\\",""); searchwordl=searchwordl.replace(",",""); searchwordl=searchwordl.replace(".",""); searchwordl=searchwordl.replace("=",""); searchwordl=searchwordl.replace("<",""); searchwordl=searchwordl.replace(">",""); if(searchwordl == '请输入搜索条件'){ alert("请输入搜索条件"); return false; } if(searchwordl == ''){ alert("请正确输入搜索条件"); return false; } if(sig == 1){ alert("请正确输入搜索条件"); return false; } document.getElementById('searchword').value=searchwordl; return true; //document.fmsearch.submit(); } 这货绝对是外包给某个程序员利用业余时间做的网站! 你不就是想替换这些字符防止SQL注入吗,哥给你写一段,开源给你们,拿去用吧!
"这句话'话%里面#&*包含了(很多)个@`特殊的/符号,\\有那么,.=<难>替换吗?".replace(/['%#&\*\(\)@`\/\\,\.=<>]/g, '')
"这句话话里面包含了很多个特殊的符号有那么难替换吗?"
再送你一段!
var map = {"'":"(单引号)", "%":"(百分号)", "#":"(井号)" /*, 符号太多,略去*/}; "这句话话里面包含了'、%、#".replace(/['%#&\*\(\)@`\/\\,\.=<>]/g, function(){ return map[arguments[0]]; })
"这句话话里面包含了(单引号)、(百分号)、(井号)"
|
1 楼
yejq
2012-04-20
这是高级功能 无证程序媛不懂的啦
2 楼
zuoming99
2012-04-20
yejq 写道
这是高级功能 无证程序媛不懂的啦
简直服了,平时潜水,今天看到这个物体实在忍无可忍
3 楼
bosket1027
2012-04-20
铁老大 推出12306确实买票好了一点,但是网站就不敢恭维了
4 楼
zuoming99
2012-04-20
bosket1027 写道
铁老大 推出12306确实买票好了一点,但是网站就不敢恭维了
是啊,拿我们纳税人的5千万,造了一个值5万块的网站。