1. When concatenating raw SQL, special characters such as the single quote (') break the integrity of the SQL statement.

```java
import org.apache.commons.lang3.StringUtils; // assumed: Apache Commons Lang; adjust if another StringUtils is used

/** Prefix every special character in the keyword with a backslash. */
public String escapeExprSpecialWord(String keyword) {
    if (StringUtils.isNotEmpty(keyword)) {
        // The backslash must be listed first so that it is escaped only once.
        String[] fbsArr = { "\\", "$", "(", ")", "*", "+", ".", "[", "]", "?", "^", "{", "}", "|", "'", "%" };
        for (String key : fbsArr) {
            if (keyword.contains(key)) {
                keyword = keyword.replace(key, "\\" + key);
            }
        }
    }
    return keyword;
}
```
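Escaping characters one by one is fragile because the quote problem only exists while the keyword is glued into the SQL text; as an added example (not code from the original note), the same search can bind the keyword as a JDBC parameter and escape only the LIKE wildcards. The `DataSource`, the `article(title)` table and the `!` escape character are assumptions for this demo.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

public class KeywordSearch {

    // Escape character for the LIKE pattern; '!' avoids backslash handling
    // differences between database dialects (assumption for this demo).
    private static final char ESC = '!';

    /** Escape only the characters that are special inside a LIKE pattern. */
    static String escapeLike(String keyword) {
        StringBuilder sb = new StringBuilder(keyword.length());
        for (char c : keyword.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') {
                sb.append(ESC); // wildcard or escape char becomes literal
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Search titles containing the keyword; quotes in the keyword are harmless here. */
    static List<String> search(DataSource ds, String keyword) throws SQLException {
        // The keyword never enters the SQL text: the driver sends it as a bound value.
        String sql = "SELECT title FROM article WHERE title LIKE ? ESCAPE '" + ESC + "'";
        List<String> titles = new ArrayList<>();
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, "%" + escapeLike(keyword) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString(1));
                }
            }
        }
        return titles;
    }
}
```

With this shape a keyword such as `O'Reilly 100%` is matched literally, and a single quote can no longer terminate the statement.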
2. When returning JSON data to the front end with com.alibaba.fastjson.JSONObject.toJSONString(), content that contains special characters such as \n, \t or \r makes the JSON unparseable on the front end.

```java
/** Replace tab, carriage return and line feed with a comma before serialising to JSON. */
public String formatJsonStr(String str) {
    if (StringUtils.isNotEmpty(str)) {
        String[] formatStrs = { "\t", "\r", "\n" };
        for (String key : formatStrs) {
            if (str.contains(key)) {
                str = str.replace(key, ",");
            }
        }
    }
    return str;
}
```
3. For file upload and download, a comma (,) in the file name can also make the file impossible to download, or leave the downloaded content empty.