防止sql注入工具类
作者:互联网
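/**
 * Strips a fixed deny-list of SQL keywords and punctuation from {@code str}.
 *
 * <p>Security note: this is a lossy deny-list filter, not a safe way to build
 * SQL. It removes the listed substrings wherever they occur, including inside
 * ordinary words, and it cannot anticipate every dialect-specific construct.
 * Queries that take user input should bind it through
 * {@code PreparedStatement} placeholders; treat this method as defence in
 * depth at most.
 *
 * <p>Matching ignores ASCII case, and removal repeats until the text stops
 * changing, so a listed token that only forms after another token is deleted
 * is removed as well.
 *
 * @param str the text to filter; may be {@code null}
 * @return {@code str} with every listed token removed, or {@code str} itself
 *         when it is {@code null} or empty
 */
public static String filtration(String str) {
    // Null and empty input are returned unchanged.
    if (str == null || str.isEmpty()) {
        return str;
    }

    // More entries can be added to this list.
    // NOTE(review): "regxp", "chardeclare", "( )", "[ ]" and "< >" are matched
    // literally as written, so single brackets are not removed. They look like
    // typos for separate entries; confirm before editing the list.
    String inj_str = "|select|and|or|like|regxp|from|where|update|exec|order|by|having|drop|delete|count|chr|mid|master|truncate|chardeclare|;||( )|[ ]|< >|,|.|;|:|'|\"|#|%|+|-|_|=|/|*|@|+|,";

    // Names are fully qualified so the method needs no new import line.
    java.util.List<java.util.regex.Pattern> patterns =
            new java.util.ArrayList<java.util.regex.Pattern>();
    for (String token : inj_str.split("\\|")) {
        // The leading '|' and the "||" run yield empty tokens; skip them.
        if (token.isEmpty()) {
            continue;
        }
        // LITERAL keeps '.', '*', '+' and similar from acting as regex syntax.
        patterns.add(java.util.regex.Pattern.compile(
                token,
                java.util.regex.Pattern.LITERAL | java.util.regex.Pattern.CASE_INSENSITIVE));
    }

    // Repeat until a full pass changes nothing. Every change shortens the
    // string, so the loop always terminates.
    String before;
    do {
        before = str;
        for (java.util.regex.Pattern pattern : patterns) {
            // Remove every occurrence of this token.
            str = pattern.matcher(str).replaceAll("");
        }
    } while (!str.equals(before));

    return str;
}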
标签:防止,return,String,int,str,inj,sql,stra,注入 来源: https://blog.csdn.net/weixin_42408930/article/details/113178702