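// Login input filter: reject a username or password that contains a
// blacklisted punctuation character, whitespace, or SQL keyword.
//
// NOTE(review): a blacklist is not a reliable SQL injection defence. The
// keywords are matched as plain substrings, so legitimate values are turned
// away (any name containing "or" or "and", any password with punctuation),
// while nothing here guarantees what finally reaches the database. The query
// that consumes these values should bind them as PreparedStatement parameters,
// and the password should be checked against a salted hash
// (bcrypt/scrypt/argon2) instead of being placed in SQL text. That code is
// outside this fragment.
//start filter--------------------
// NOTE(review): when either value is null this whole filter is skipped;
// confirm that the code after this fragment rejects null credentials.
if (instance.getUsername() != null && instance.getPassword() != null) {
    // The credentials are intentionally not printed: writing the submitted
    // password to stdout leaves it in plaintext in the server's console log.
    Pattern p = Pattern.compile("([~!@#$%^&\\*()_+\\-=;':\",\\./<>?|\\s]|drop|delete|truncate|and|or)");

    // find() is a substring search, so a single hit anywhere in either value
    // sends the user back to the login page with an error message.
    if (p.matcher(instance.getUsername()).find() || p.matcher(instance.getPassword()).find()) {
        request.setAttribute(Constant.REQUEST_MESSAGE, "用户名或密码中有特殊字符!");
        return mapping.findForward(Constant.FORWARD_LOGIN);
    }

    // Nothing matched, so both values continue unchanged. The earlier
    // replaceAll("") calls ran only after find() had returned false and could
    // never strip anything, so they and the write-back setters were removed.
}
//end filter----------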
防止 SQL 注入:登录时对用户名和密码的过滤