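// Reject the request when the submitted username contains any token from a denylist of
// SQL keywords and metacharacters.
//
// NOTE(review): this substring denylist is a coarse, defence-in-depth filter only. It does not
// make string-concatenated SQL safe, and it also rejects legitimate input (any name containing
// "or", "and", "-", "," ...). The statement that consumes `username` (not visible in this
// snippet) should bind the value as a PreparedStatement parameter instead of concatenating it.
String username = request.getParameter("f_username");

// Build the token list before scanning. The listing as published ran the scan loop once before
// these declarations, which cannot compile because inj_stra was not yet declared.
// NOTE(review): the published list contained "master(www.111cn.net)", which looks like a site
// watermark fused into the "master" token; restored to "master" here. Confirm against the original.
// More entries can be added to this list.
String inj_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
String[] inj_stra = inj_str.split("\\|");

// getParameter returns null when the field is absent; skip the scan rather than throw a
// NullPointerException, and leave the missing-value handling to the code that follows.
if (username != null)
{
    // The tokens are lower-case, so compare against a lower-cased copy. Otherwise "SELECT" or
    // "Or" would pass the filter unchanged.
    String candidate = username.toLowerCase(java.util.Locale.ROOT);
    for (String token : inj_stra)
    {
        if (candidate.contains(token))
        {
            // Fixed response text only; the submitted value is never echoed back into the page.
            out.println("<script>alert('非法注入!');self.close();</script>");
            return;
        }
    }
}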