解决登录 SQL 注入漏洞
注册账号时要对账号和密码加以约束：只能为数字加字母，不能让其它字符存入数据库，这样既方便数据库的管理，也能规范用户名和密码。
废话不多说，直接上代码（后台用正则过滤掉非法字符，简单粗暴地解决登录时的 SQL 注入问题）
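/**
 * Whitelist check applied to login credentials before they are used any further.
 *
 * <p>Both the user name and the password must match {@code ^[A-Za-z0-9_]+$}
 * (one or more ASCII letters, digits or underscores). This is the rule the
 * original snippet applied to each field with its own, identical regex; it is
 * kept here as a single compiled constant so the pattern is built once instead
 * of on every login attempt, and the duplicated second copy of the snippet
 * (which redeclared the same locals and so would not compile) is folded in.
 *
 * <p>Whitelisting input is defence in depth, not the primary fix for SQL
 * injection: the query that consumes {@code loginName} must still be a
 * {@code PreparedStatement} with bound parameters, so that the database never
 * interprets user-supplied text as SQL regardless of what this filter lets
 * through. Note also that restricting the password alphabet shrinks the set of
 * passwords users may choose; if passwords are stored as salted hashes rather
 * than plaintext, their raw characters never reach the database and the
 * storage-side motivation for this restriction disappears.
 */
public final class LoginInputValidator {

    /** Allowed credential shape: one or more ASCII letters, digits or underscores. */
    private static final Pattern ALLOWED = Pattern.compile("^[A-Za-z0-9_]+$");

    private LoginInputValidator() {
        // static helper only
    }

    /**
     * Rejects a login attempt whose user name or password contains characters
     * outside the whitelist.
     *
     * <p>The same message is used for both fields, as in the original, so the
     * caller does not reveal which of the two values was rejected.
     *
     * @param loginName user name as supplied by the client; may be {@code null}
     * @param password  password as supplied by the client; may be {@code null}
     * @throws IllegalArgumentException if either value is {@code null}, empty,
     *         or contains a character outside {@code [A-Za-z0-9_]}
     */
    public static void validate(String loginName, String password) {
        // Check the user name first, then the password, mirroring the original order.
        if (!isAllowed(loginName) || !isAllowed(password)) {
            throw new IllegalArgumentException("登录非法!");
        }
    }

    /**
     * Reports whether a single credential value is entirely made of allowed characters.
     *
     * @param value the text to check; {@code null} is treated as not allowed
     *              (the original snippet would have thrown a
     *              {@code NullPointerException} from {@code matcher(null)})
     * @return {@code true} if {@code value} is non-null and matches
     *         {@code ^[A-Za-z0-9_]+$} in full
     */
    public static boolean isAllowed(String value) {
        // matches() requires the whole input to match, so a trailing line
        // terminator is rejected even though '$' alone would tolerate it.
        return value != null && ALLOWED.matcher(value).matches();
    }
}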