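CREATE function [dbo].[F_TOOL_ValidateSQL](@sql varchar(max))
RETURNS INT
WITH EXECUTE AS CALLER
as
/*
Checks whether a SQL condition parameter contains any denylisted substring:
delete, update, insert, drop, alter, create, sys, ';' or sp_.

Parameters:
    @sql  the condition text to inspect. It is varchar(max) so that the whole
          argument is scanned; a fixed-length parameter is silently truncated
          by SQL Server and anything past the limit would go unchecked.

Returns:
    1  at least one listed substring occurs anywhere in @sql
    0  none occurs, or @sql is NULL

Security notes:
    - This is a substring denylist, not a parser. It rejects harmless text
      that merely contains a listed substring (for example a column named
      last_update), and a denylist cannot enumerate everything that is unsafe
      to concatenate into a statement.
    - Read a 0 result as "no listed substring found", not as "safe to
      execute". Wherever the fragment is assembled, bind values as
      sp_executesql parameters and allow-list identifiers.
    - NOTE(review): the parameter is varchar. If callers hold the text as
      nvarchar, this check runs on the converted copy; confirm that callers
      execute the same value they validated.
*/
BEGIN
    -- NULL carries no text to inspect. Handle it explicitly instead of relying
    -- on NULL comparisons evaluating to UNKNOWN further down.
    if (@sql is null)
    begin
        return (0);
    end

    -- Fold to lower case so matching does not depend on a case-insensitive collation.
    set @sql = LOWER(@sql);

    -- Test each token on its own rather than summing positions: CHARINDEX
    -- returns bigint for varchar(max) input, and a sum assigned to an int
    -- could overflow on very large arguments.
    if (   charindex('delete', @sql) > 0
        or charindex('update', @sql) > 0
        or charindex('insert', @sql) > 0
        or charindex('drop',   @sql) > 0
        or charindex('alter',  @sql) > 0
        or charindex('create', @sql) > 0
        or charindex('sys',    @sql) > 0
        or charindex(';',      @sql) > 0
        or charindex('sp_',    @sql) > 0)
    begin
        return (1);
    end

    RETURN (0);
END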
GO