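/**
 * Rewrites the value of every control in the form that owns `btn`, replacing
 * characters and sequences that have special meaning in SQL text.
 *
 * SECURITY NOTE: this runs in the browser, so it is input normalisation only.
 * A request can reach the server without this script ever running, which
 * means it cannot be relied on to prevent SQL injection. The server-side code
 * must use parameterized queries / bound parameters and do its own validation.
 * The rewrite also alters legitimate data (an apostrophe in a name, a percent
 * sign, a hex literal), which is a further reason to prefer bound parameters
 * over character substitution.
 *
 * @param {Object} btn - a form control (normally the submit button) whose
 *                       `form` property identifies the form to process.
 *                       Nothing happens when `btn` or `btn.form` is missing.
 */
function sqlinj (btn)
{
	// [needle, replacement] pairs, applied in this order to each value.
	var rules = [
		["'", "`"],
		[";", ","],
		["%", "/"],
		["--", "-"],
		["++", "+"],
		["@@", "@"],
		["/*", "/ *"],
		["*/", "* /"],
		["0x", "0 x"],
		["0X", "0 X"]
	];
	var form1 = btn && btn.form;
	var i, r, field, original, cleaned;

	// Previously a control without an owning form caused a TypeError.
	if (!form1 || !form1.elements)
		return;

	for (i = 0; i < form1.elements.length; i++)
	{
		field = form1.elements[i];
		original = field.value;

		// form.elements also lists controls with no string value (for example
		// <fieldset>); reading .length on those used to throw. File inputs
		// are skipped because script may not assign a non-empty value to them.
		if (typeof original !== "string" || original.length === 0 || field.type === "file")
			continue;

		cleaned = original;
		for (r = 0; r < rules.length; r++)
		{
			// Replace one occurrence at a time until none is left, so that
			// runs such as "---" collapse to "-" exactly as before.
			while (cleaned.indexOf(rules[r][0]) > -1)
				cleaned = cleaned.replace(rules[r][0], rules[r][1]);
		}

		// Write back once, and only when something actually changed.
		if (cleaned !== original)
			field.value = cleaned;
	}
}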


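/**
 * Returns the zero-based index of the first occurrence of `charSearchFor`
 * inside `strSearch`, or -1 when it does not occur.
 *
 * Both arguments are converted with String(). A null/undefined argument or an
 * empty `strSearch` yields -1.
 *
 * @param {*} strSearch      text to search in
 * @param {*} charSearchFor  text to look for (may be longer than one character)
 * @returns {number} index of the first match, or -1
 */
function Instr(strSearch, charSearchFor)
{
	var haystack;

	if (strSearch == null || charSearchFor == null)
		return -1;

	haystack = String(strSearch);

	// Fixed: the guard used to read `strSearch.length = 0`, an assignment.
	// In sloppy mode it evaluated to 0, so the guard never fired; in strict
	// mode assigning to a string's length throws a TypeError.
	if (haystack.length === 0)
		return -1;

	// The built-in search gives the same result as the former manual scan.
	return haystack.indexOf(String(charSearchFor));
}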

/**
 * Returns the part of `str` (converted with String()) that begins at the
 * zero-based index `start` and is at most `len` characters long.
 *
 * @param {*} str       value to take the substring from
 * @param {number} start zero-based start index
 * @param {number} len   maximum number of characters to return
 * @returns {string} the substring, or "" when `start` or `len` is negative
 */
function Mid(str, start, len)
{
	var text, total, stop;

	// A negative offset or length yields an empty string.
	if (start < 0 || len < 0)
	{
		return "";
	}

	text = String(str);
	total = text.length;

	// The end index never runs past the end of the text.
	stop = (start + len > total) ? total : start + len;

	return text.substring(start, stop);
}
