Symbols that can cause SQL injection:
"'", "<", ">", "%", "\"", ",", ".", ">=", "=<", "<>", "-", "_", ";", "||", "[", "]", "&", "/", "-", "|", "?"
Other tags and keywords can also cause SQL injection, for example:
// Tags:
<applet>
<body>
<embed>
<frame>
<script>
<frameset>
<html>
<iframe>
<img>
<style>
<layer>
<link>
<ilayer>
<meta>
<object>
// Keywords:
select, update, insert, delete, declare, @, exec, dbcc, alter, drop, create, backup, if, else, end, and, or, add, set, open, close, use, begin, return, as, go, exists
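The following Python code is an added example, not part of the original page. It shows the same input concatenated into SQL text and passed as a bound parameter, and checks that every symbol listed above is stored and read back unchanged when bound. The `users` table, its rows and the sample inputs are constructed for illustration, and SQLite stands in for whatever database is in use.

```python
import sqlite3

# Symbols copied from the list above (the duplicated "-" appears once here).
SYMBOLS = ["'", "<", ">", "%", '"', ",", ".", ">=", "=<", "<>", "-", "_",
           ";", "||", "[", "]", "&", "/", "|", "?"]

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("o'brien", "b-secret")])
    return db

def lookup_concatenated(db, name):
    # Weak form: the value is pasted into the SQL text, so a quote inside it
    # closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Hardened form: the value is sent as a bound parameter and is only
    # ever compared as data, never parsed as SQL.
    sql = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def symbols_survive_binding(db):
    # Store each listed symbol as a name via a bound parameter, then look it
    # up again; True means none of them altered the statement.
    for sym in SYMBOLS:
        db.execute("INSERT INTO users VALUES (?, ?)", (sym, "sym"))
    return all(lookup_bound(db, sym) == ["sym"] for sym in SYMBOLS)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' or '1'='1"   # constructed input: a quote plus the keyword "or"
    print("concatenated:", lookup_concatenated(db, crafted))
    print("bound:       ", lookup_bound(db, crafted))
    print("o'brien:     ", lookup_bound(db, "o'brien"))
    print("all symbols round-trip:", symbols_survive_binding(db))
```

With concatenation, even the legitimate name `o'brien` breaks the statement with a syntax error, whereas the bound form returns the matching row.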