看了网上的几个版本，感觉比较别扭，为何不直接用 replaceAll 呢？（注意：这种关键字过滤只能作为辅助手段，防止 SQL 注入仍应使用 PreparedStatement 参数化查询。）
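/**
 * Strips a fixed denylist of SQL keywords and punctuation from a string.
 *
 * <p>Matching is case-insensitive, and the filter is re-applied until the
 * value stops changing, so that deleting one token cannot join the text on
 * either side of it into another denylisted token.
 *
 * <p>NOTE(review): a denylist like this is defence in depth at best. It also
 * rewrites legitimate data (apostrophes, hyphens, commas and the words
 * "and"/"or" are all deleted). Values that reach a SQL statement should be
 * bound through {@code PreparedStatement} parameters rather than filtered
 * and concatenated.
 *
 * @param sql the value to filter; may be {@code null}
 * @return the filtered value, or an empty string when {@code sql} is {@code null}
 */
public String removeSpecialSQLChars(String sql) {
    if (sql == null) {
        return "";
    }
    // (?i) makes the keyword alternatives match regardless of letter case.
    final String denylist = "(?i)\\'|\\band\\b|\\bexec\\b|\\binsert\\b|\\bselect\\b|\\bdelete\\b|\\bupdate\\b|\\bcount\\b|\\*|%|\\bchr\\b|\\bmid\\b|\\bmaster\\b|\\btruncate\\b|\\bchar\\b|\\bdeclare\\b|;|\\bor\\b|-|\\+|,";
    String current = sql;
    String previous;
    // Every pass that changes the string shortens it, so the loop terminates.
    do {
        previous = current;
        current = previous.replaceAll(denylist, "");
    } while (!current.equals(previous));
    return current;
}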