The following symbols can cause SQL injection:
"'", "<", ">", "%", "\"", ",", ".", ">=", "=<", "<>", "-", "_", ";", "||", "[", "]", "&", "/", "-", "|", " "
Other tags and keywords can also cause SQL injection, for example:
// Tags:
<applet>
<body>
<embed>
<frame>
<script>
<frameset>
<html>
<iframe>
<img>
<style>
<layer>
<link>
<ilayer>
<meta>
<object>
// Keywords:
select, update, insert, delete, declare, @, exec, dbcc, alter, drop, create, backup, if, else, end, and, or, add, set, open, close, use, begin, return, as, go, exists
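The following is an added example, not code from the original page. It shows how input containing the listed symbols and keywords behaves in a concatenated query and in a parameterized one. The `users` table, the function names and the sample rows and inputs are assumptions constructed for the illustration.

```python
import re
import sqlite3

# Subset of the symbols and keywords listed on this page.
SYMBOLS = ["'", '"', ";", "||", "%", "_", "-", "="]
KEYWORDS = ["select", "or", "and", "drop", "exec"]


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("o'brien", "b-secret")])
    return db


def lookup_concat(db, name):
    # Weak form: the value becomes part of the SQL text, so a quote in it
    # ends the string literal and the remainder is parsed as SQL.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_bound(db, name):
    # Corrected form: the value is bound to a placeholder and is only ever
    # compared as data, whatever symbols or keywords it contains.
    sql = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))


def flagged(value):
    """Listed symbols/keywords found in value (a signal for logging or review)."""
    hits = [s for s in SYMBOLS if s in value]
    hits += [k for k in KEYWORDS if re.search(r"\b" + k + r"\b", value.lower())]
    return hits


if __name__ == "__main__":
    db = make_db()
    for value in ["alice", "o'brien", "x' OR '1'='1"]:  # constructed inputs
        try:
            concat = lookup_concat(db, value)
        except sqlite3.OperationalError as exc:
            concat = "SQL error: %s" % exc
        print(repr(value), flagged(value), concat, lookup_bound(db, value))
```

The legitimate name `o'brien` contains a listed symbol: it breaks the concatenated query but is handled correctly by the bound one.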