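/**
 * Best-effort text scrubbing helpers: strip a fixed set of punctuation and a
 * denylist of SQL / command keywords from a string.
 *
 * <p>Security note: a keyword denylist does not make a value safe to embed in
 * a SQL statement or a shell command line. Bind values with
 * {@code PreparedStatement} parameters, pass process arguments as a list to
 * {@code ProcessBuilder}, and validate against an allowlist of the expected
 * format. Treat these helpers as display/normalisation hygiene only.
 */
public class StringUtils {

    /**
     * Punctuation removed by {@link #StringFilter(String)}. The square brackets
     * are escaped as {@code \[\]}: the earlier {@code //[//]} spelling was parsed
     * as a nested character class holding only '/', so '[' and ']' were never
     * stripped.
     */
    private static final Pattern SPECIAL_CHARS = Pattern.compile(
            "[`~!@#$%^&*()+=|{}':;',/\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]");

    /**
     * Keywords removed regardless of letter case. They are plain literals (each
     * one is passed through Pattern.quote), so "count(" really matches "count(";
     * the earlier "count\\(" spelling could never match under String.replace.
     */
    private static final String[] SQL_KEYWORDS = {
        "select", "insert", "delete", "from", "count(", "drop table", "update",
        "truncate", "asc(", "mid(", "char(", "xp_cmdshell", "exec master",
        "netlocalgroup administrators", "net user", "or", "and"
    };

    /**
     * Tokens removed only in this exact case, as before.
     * NOTE(review): these strip the literal two-letter strings, not the
     * carriage-return / line-feed / backspace control characters their names
     * suggest - confirm which was intended.
     */
    private static final String[] EXACT_CASE_TOKENS = {"CR", "LF", "BS"};

    /** Single alternation over every denylisted token, compiled once. */
    private static final Pattern SQL_DENYLIST = buildDenylist();

    /** Builds {@code (?i:kw1|kw2|...)|CR|LF|BS} from the two token tables. */
    private static Pattern buildDenylist() {
        StringBuilder regex = new StringBuilder("(?i:");
        for (int i = 0; i < SQL_KEYWORDS.length; i++) {
            if (i > 0) {
                regex.append('|');
            }
            regex.append(Pattern.quote(SQL_KEYWORDS[i]));
        }
        regex.append(')');
        for (String token : EXACT_CASE_TOKENS) {
            regex.append('|').append(Pattern.quote(token));
        }
        return Pattern.compile(regex.toString());
    }

    /**
     * Removes denylisted keywords and special punctuation, then trims.
     *
     * @param str text to scrub; {@code null} is returned unchanged
     * @return the scrubbed, trimmed text
     * @throws PatternSyntaxException kept for source compatibility; the
     *         patterns are now compiled once at class initialisation
     */
    public static String StringFilter(String str) throws PatternSyntaxException {
        if (str == null) {
            return null;
        }
        str = SqlFilter(str);
        // Strip all special characters.
        str = SPECIAL_CHARS.matcher(str).replaceAll("");
        // Deleting punctuation can join fragments into a denylisted keyword,
        // so the keyword pass is repeated on the result.
        str = SqlFilter(str);
        return str.trim();
    }

    /**
     * Removes every denylisted token, repeating until the text stops changing
     * so that a deletion cannot leave a denylisted token behind.
     *
     * <p>Short tokens such as "or" and "and" are removed even inside ordinary
     * words; that is inherent to this denylist.
     *
     * @param str text to scrub; {@code null} is returned unchanged
     * @return the text with all denylisted tokens removed
     */
    public static String SqlFilter(String str) {
        if (str == null) {
            return null;
        }
        String previous;
        do {
            // Each pass can only shorten the string, so this terminates.
            previous = str;
            str = SQL_DENYLIST.matcher(str).replaceAll("");
        } while (!str.equals(previous));
        return str;
    }

    /** Demo: prints a sample string before and after filtering. */
    public static void main(String[] args) {
        String str = "*or andadCVs*34_a _09_b5*[/435^*&城池()^$$&*).{}+.|.delet)%%*(*.中国}34{45[]12.fd'*&999下面是中文的字符¥……{}【】。,;’“‘”?";
        System.out.println(str);
        str = StringFilter(str);
        System.out.println(str);
    }
}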
java 过滤掉特殊字符以及sql、shell命令