瞎了我的氪金狗眼，铁道部订票网站是哪个烂程序猿写的！纳税人砸了5千万的银子啊！

我眼贱手也瘸啊，打开12306.cn时好奇的查看首页的源代码，居然看到这样一大段物体，这货是神马！？

 

 

 

function replaceALL(){
if(typeof(document.getElementById("searchwordl"))=="undefined"||document.getElementById("searchwordl").value==''){
alert("请输入检索条件");
document.getElementById("searchwordl").focus();
return false;
}
if(typeof(document.getElementById("searchwordl"))!="undefined"){
var searchwordl = document.getElementById('searchwordl').value;

var sig = 0;
if(searchwordl.indexOf("'") > -1 || searchwordl.indexOf("\"") > -1 || searchwordl.indexOf("%") > -1 || searchwordl.indexOf("#") > -1 || searchwordl.indexOf("&") > -1 || searchwordl.indexOf("*") > -1 || searchwordl.indexOf("(") > -1 || searchwordl.indexOf(")") > -1 || searchwordl.indexOf("@") > -1 || searchwordl.indexOf("`") > -1 || searchwordl.indexOf("/") > -1 || searchwordl.indexOf("\\") > -1 || searchwordl.indexOf(",") > -1 || searchwordl.indexOf(".") > -1 || searchwordl.indexOf("=") > -1 || searchwordl.indexOf("<") > -1 || searchwordl.indexOf(">") > -1)
sig = 1;

searchwordl=searchwordl.replace("'","");
//searchwordl=searchwordl.replace(" ","");
searchwordl=searchwordl.replace("%","");
searchwordl=searchwordl.replace("#","");
searchwordl=searchwordl.replace("&","");
searchwordl=searchwordl.replace("*","");
searchwordl=searchwordl.replace("(","");
searchwordl=searchwordl.replace(")","");
searchwordl=searchwordl.replace("@","");
searchwordl=searchwordl.replace("`","");
searchwordl=searchwordl.replace("/","");
searchwordl=searchwordl.replace("\\","");
searchwordl=searchwordl.replace(",","");
searchwordl=searchwordl.replace(".","");
searchwordl=searchwordl.replace("=","");
searchwordl=searchwordl.replace("<","");
searchwordl=searchwordl.replace(">","");
if(searchwordl == '请输入搜索条件'){
alert("请输入搜索条件");
return false;
}
if(searchwordl == ''){
alert("请正确输入搜索条件");
return false;
}
if(sig == 1){
alert("请正确输入搜索条件");
return false;
}
document.getElementById('searchword').value=searchwordl;
return true;
//document.fmsearch.submit();

}

这货绝对是外包给某个程序员利用业余时间做的网站！

你不就是想替换这些字符防止SQL注入吗，哥给你写一段，开源给你们，拿去用吧！

 

 

"这句话'话%里面#&*包含了(很多)个@`特殊的/符号,\\有那么,.=<难>替换吗?".replace(/['%#&\*\(\)@`\/\\,\.=<>]/g, '')

 

 

"这句话话里面包含了很多个特殊的符号有那么难替换吗?"

 

 

 再送你一段！

 

 

var map = {"'":"(单引号)", "%":"(百分号)", "#":"(井号)" /*, 符号太多，略去*/};
"这句话话里面包含了'、%、#".replace(/['%#&\*\(\)@`\/\\,\.=<>]/g, function(){
  return map[arguments[0]];
})

 

 

"这句话话里面包含了(单引号)、(百分号)、(井号)"

 

 

评论

6 楼 zuoming99 2012-08-15  

BuN_Ny 写道

这个程序员可能只是每月千元的毕业生。关他什么事？5千万，拿到项目开发上的资金有五十万么？

是啊，估计只有10万吧

5 楼 BuN_Ny 2012-08-13  

这个程序员可能只是每月千元的毕业生。关他什么事？5千万，拿到项目开发上的资金有五十万么？

4 楼 zuoming99 2012-04-20  

bosket1027 写道

铁老大 推出12306确实买票好了一点，但是网站就不敢恭维了

是啊，拿我们纳税人的5千万，造了一个值5万块的网站。

3 楼 bosket1027 2012-04-20  

铁老大 推出12306确实买票好了一点，但是网站就不敢恭维了

2 楼 zuoming99 2012-04-20  

yejq 写道

这是高级功能  无证程序媛不懂的啦

简直服了，平时潜水，今天看到这个物体实在忍无可忍

1 楼 yejq 2012-04-20  

这是高级功能  无证程序媛不懂的啦