java 防sql注入

package com.cssweb.webcall.util;  
 
//: 防止一般SQL注入  
//  调用方法：PreventInfusion.sqlInfusion(str);  
public class PreventInfusion {  
    private static final String inj_str = "'@and@exec@insert@select@delete@update@count@*@%@chr@mid@master@truncate@char@declare@;@or@lock table@grant@drop@ascii@-@+@,";  
      
    private static String strReplace(String str, String restr) {  
        return str.replace(restr, "");  
    }  
      
    private static String dealNull(String str) {  
        String returnstr = null;  
        if (str == null)  
            returnstr = "";  
        else 
            returnstr = str;  
        return returnstr;  
    }  
      
    public static String sqlInfusion(String str) {  
        String inj_stra[] = inj_str.split("@");  
        str = dealNull(str);  
        str = str.toLowerCase();  
        for (int i = 0; i < inj_stra.length; i++) {  
            if (str.indexOf(inj_stra[i]) >= 0) {  
                str = strReplace(str, inj_stra[i]);  
            }  
        }  
        return str;  
    }  
      
    public static void main(String[] args) {  
        System.out.println(sqlInfusion(""));  
        System.out.println(sqlInfusion("null"));  
        System.out.println(sqlInfusion(null));  
        System.out.println(sqlInfusion("'adm'in,SELEct;"));  
    }  
}

 

 

 

 

来自：http://blog.sina.com.cn/s/blog_6145ed810100fq4w.html