/**
 * Blacklist-style filter for values that are concatenated into SQL text
 * (quote doubling, full-width substitution of delimiters, keyword stripping).
 * It reduces but does not remove injection risk; parameterized queries
 * (PreparedStatement) are the real fix, and this class should only be used
 * where that is not yet possible.
 */
package com.cvicse.sws.wfs.comm;
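public class FilterSql {

    /**
     * "exec" / "execute", matched case-insensitively. The previous version only
     * removed the exact spelling "Exec" (so "EXEC" passed straight through), and
     * its separate "Execute" replacement was dead code because "Exec" had
     * already been cut out of every "Execute" by the line before it.
     */
    private static final java.util.regex.Pattern EXEC_KEYWORD =
            java.util.regex.Pattern.compile("(?i)exec(?:ute)?");

    /** "xp_" (extended stored procedures), any letter case; rewritten as "x p_". */
    private static final java.util.regex.Pattern XP_PREFIX =
            java.util.regex.Pattern.compile("(?i)(x)(p_)");

    /** "sp_" (system stored procedures), any letter case; rewritten as "s p_". */
    private static final java.util.regex.Pattern SP_PREFIX =
            java.util.regex.Pattern.compile("(?i)(s)(p_)");

    /** "0x" hex-literal prefix, any letter case; rewritten as "0 x". */
    private static final java.util.regex.Pattern HEX_PREFIX =
            java.util.regex.Pattern.compile("(?i)(0)(x)");

    /**
     * Rewrites {@code source} for callers that still build SQL by string
     * concatenation: doubles single quotes, swaps {@code " | ; ( )} for
     * look-alike Unicode characters, deletes {@code exec}/{@code execute}, and
     * breaks up {@code xp_}, {@code sp_} and {@code 0x} with a space.
     *
     * <p>This is a blacklist and must not be the only defence. Limits that are
     * visible from the code itself: backslashes are not escaped (on a MySQL
     * connection with backslash escaping enabled, {@code \'} still terminates
     * the literal); values used outside a quoted literal (numbers, ORDER BY
     * columns, table names) are not protected at all; the full-width
     * substitutes may be folded back to ASCII by a later charset conversion
     * (e.g. a best-fit mapping to a single-byte code page), depending on the
     * driver and database; and legitimate data is altered (e.g. "executive"
     * loses its first four letters). Prefer {@link java.sql.PreparedStatement}
     * parameters wherever possible.
     *
     * @param source raw input, typically user supplied; may be {@code null}
     * @return the rewritten string, or {@code null} when {@code source} is
     *         {@code null} (the previous version threw
     *         {@code NullPointerException} in that case)
     */
    public static String filterSql(String source) {
        if (source == null) {
            return null;
        }
        String filtered = source;

        // Single quote -> two single quotes (standard SQL literal escaping).
        filtered = filtered.replace("'", "''");
        // Double quote -> U+201C LEFT DOUBLE QUOTATION MARK.
        filtered = filtered.replace("\"", "\u201C");

        // ASCII delimiters -> their full-width look-alikes so the database does
        // not parse them as syntax. Written as Java Unicode escapes so the intent
        // survives copy/paste and Unicode normalisation: in the listing under
        // review these four lines replaced each character with itself, which
        // was a no-op, although the comments said "half-width to full-width".
        filtered = filtered.replace("|", "\uFF5C"); // U+FF5C FULLWIDTH VERTICAL LINE
        filtered = filtered.replace(";", "\uFF1B"); // U+FF1B FULLWIDTH SEMICOLON: blocks stacked statements
        filtered = filtered.replace("(", "\uFF08"); // U+FF08 FULLWIDTH LEFT PARENTHESIS
        filtered = filtered.replace(")", "\uFF09"); // U+FF09 FULLWIDTH RIGHT PARENTHESIS

        // Delete exec/execute until nothing changes: a single pass is beaten by
        // nesting ("ExExecec" -> "Exec").
        filtered = stripUntilStable(filtered, EXEC_KEYWORD);

        // Split stored-procedure prefixes and hex literals with a space, keeping
        // the caller's letter case. Each of these inserts a character between the
        // two halves and cannot re-create the pattern it matched, so one pass is
        // enough.
        filtered = XP_PREFIX.matcher(filtered).replaceAll("$1 $2");
        filtered = SP_PREFIX.matcher(filtered).replaceAll("$1 $2");
        filtered = HEX_PREFIX.matcher(filtered).replaceAll("$1 $2");
        return filtered;
    }

    /**
     * Removes every match of {@code keyword} from {@code value}, repeating
     * until a pass deletes nothing, so that removing one occurrence cannot
     * splice the surrounding characters into a new occurrence.
     */
    private static String stripUntilStable(String value, java.util.regex.Pattern keyword) {
        String previous;
        String current = value;
        do {
            previous = current;
            current = keyword.matcher(previous).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }
}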
/**
 * Blacklist-style filter for values that are concatenated into SQL text
 * (quote doubling, full-width substitution of delimiters, keyword stripping).
 * It reduces but does not remove injection risk; parameterized queries
 * (PreparedStatement) are the real fix, and this class should only be used
 * where that is not yet possible.
 */
package com.cvicse.sws.wfs.comm;
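public class FilterSql {

    /**
     * "exec" / "execute", matched case-insensitively. The previous version only
     * removed the exact spelling "Exec" (so "EXEC" passed straight through), and
     * its separate "Execute" replacement was dead code because "Exec" had
     * already been cut out of every "Execute" by the line before it.
     */
    private static final java.util.regex.Pattern EXEC_KEYWORD =
            java.util.regex.Pattern.compile("(?i)exec(?:ute)?");

    /** "xp_" (extended stored procedures), any letter case; rewritten as "x p_". */
    private static final java.util.regex.Pattern XP_PREFIX =
            java.util.regex.Pattern.compile("(?i)(x)(p_)");

    /** "sp_" (system stored procedures), any letter case; rewritten as "s p_". */
    private static final java.util.regex.Pattern SP_PREFIX =
            java.util.regex.Pattern.compile("(?i)(s)(p_)");

    /** "0x" hex-literal prefix, any letter case; rewritten as "0 x". */
    private static final java.util.regex.Pattern HEX_PREFIX =
            java.util.regex.Pattern.compile("(?i)(0)(x)");

    /**
     * Rewrites {@code source} for callers that still build SQL by string
     * concatenation: doubles single quotes, swaps {@code " | ; ( )} for
     * look-alike Unicode characters, deletes {@code exec}/{@code execute}, and
     * breaks up {@code xp_}, {@code sp_} and {@code 0x} with a space.
     *
     * <p>This is a blacklist and must not be the only defence. Limits that are
     * visible from the code itself: backslashes are not escaped (on a MySQL
     * connection with backslash escaping enabled, {@code \'} still terminates
     * the literal); values used outside a quoted literal (numbers, ORDER BY
     * columns, table names) are not protected at all; the full-width
     * substitutes may be folded back to ASCII by a later charset conversion
     * (e.g. a best-fit mapping to a single-byte code page), depending on the
     * driver and database; and legitimate data is altered (e.g. "executive"
     * loses its first four letters). Prefer {@link java.sql.PreparedStatement}
     * parameters wherever possible.
     *
     * @param source raw input, typically user supplied; may be {@code null}
     * @return the rewritten string, or {@code null} when {@code source} is
     *         {@code null} (the previous version threw
     *         {@code NullPointerException} in that case)
     */
    public static String filterSql(String source) {
        if (source == null) {
            return null;
        }
        String filtered = source;

        // Single quote -> two single quotes (standard SQL literal escaping).
        filtered = filtered.replace("'", "''");
        // Double quote -> U+201C LEFT DOUBLE QUOTATION MARK.
        filtered = filtered.replace("\"", "\u201C");

        // ASCII delimiters -> their full-width look-alikes so the database does
        // not parse them as syntax. Written as Java Unicode escapes so the intent
        // survives copy/paste and Unicode normalisation: in the listing under
        // review these four lines replaced each character with itself, which
        // was a no-op, although the comments said "half-width to full-width".
        filtered = filtered.replace("|", "\uFF5C"); // U+FF5C FULLWIDTH VERTICAL LINE
        filtered = filtered.replace(";", "\uFF1B"); // U+FF1B FULLWIDTH SEMICOLON: blocks stacked statements
        filtered = filtered.replace("(", "\uFF08"); // U+FF08 FULLWIDTH LEFT PARENTHESIS
        filtered = filtered.replace(")", "\uFF09"); // U+FF09 FULLWIDTH RIGHT PARENTHESIS

        // Delete exec/execute until nothing changes: a single pass is beaten by
        // nesting ("ExExecec" -> "Exec").
        filtered = stripUntilStable(filtered, EXEC_KEYWORD);

        // Split stored-procedure prefixes and hex literals with a space, keeping
        // the caller's letter case. Each of these inserts a character between the
        // two halves and cannot re-create the pattern it matched, so one pass is
        // enough.
        filtered = XP_PREFIX.matcher(filtered).replaceAll("$1 $2");
        filtered = SP_PREFIX.matcher(filtered).replaceAll("$1 $2");
        filtered = HEX_PREFIX.matcher(filtered).replaceAll("$1 $2");
        return filtered;
    }

    /**
     * Removes every match of {@code keyword} from {@code value}, repeating
     * until a pass deletes nothing, so that removing one occurrence cannot
     * splice the surrounding characters into a new occurrence.
     */
    private static String stripUntilStable(String value, java.util.regex.Pattern keyword) {
        String previous;
        String current = value;
        do {
            previous = current;
            current = keyword.matcher(previous).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }
}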