// Join the blocklisted keywords and characters into one string, then split it into an array.
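/**
 * Scans a request parameter value for SQL keywords and metacharacters.
 *
 * <p>This is a substring blocklist, not a parser: every token is searched for
 * anywhere in the value, case-insensitively, so ordinary values such as
 * "world" (contains "or") or "1.5" (contains ".") are rejected as well.
 * It narrows what reaches the page, but it is not a substitute for
 * PreparedStatement placeholders in the queries that consume these
 * parameters.
 *
 * @param str the parameter value to inspect; {@code null} or an empty value
 *            contains nothing to match and is reported as clean
 * @return 1 if any blocklisted token occurs in {@code str}, otherwise 0
 */
public int checkStr(String str){
    if (str == null || str.isEmpty()) {
        return 0;
    }
    // "|" is the separator, so it cannot itself be a token. The original list
    // spelled the REGEXP operator "regxp", which never matched anything.
    String injStr = "select|and|or|like|regexp|from|where|update|exec|order|by|having|drop|delete|(|)|[|]|<|>|,|.|;|:|'|\"|#|%|+|-|_|=|/|*|@";
    String[] tokens = injStr.split("\\|");
    // Lower-case with a fixed locale so "SELECT" and "Select" are caught too,
    // independent of the server's default locale. All alphabetic tokens in the
    // list are already lower case.
    String haystack = str.toLowerCase(java.util.Locale.ROOT);
    for (String token : tokens) {
        // An empty token would match every value (indexOf("") == 0); skip it
        // defensively should the list ever be edited to contain "||".
        if (!token.isEmpty() && haystack.indexOf(token) >= 0) {
            return 1;
        }
    }
    return 0;
}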
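// Validate the request parameters: every parameter name must be one of the
// four this page expects (allowlist), and every value must pass checkStr()
// (blocklist). On the first failure redirect to the error page and stop.
// Without the return, processing continued after sendRedirect(): the rest of
// the page still ran with the rejected value, and a second offending
// parameter triggered another sendRedirect() on an already-committed response.
java.util.List<String> allowedParams =
        java.util.Arrays.asList("isRoll", "outCode", "fetchCode", "jstitle");
// Wildcard type accepts both the raw Enumeration of older servlet APIs and
// Enumeration<String> of newer ones.
Enumeration<?> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
    String paraName = (String) paramNames.nextElement();
    if (!allowedParams.contains(paraName)
            || checkStr(request.getParameter(paraName)) == 1) {
        response.sendRedirect("/error/filenoexist.jsp");
        // Leave the enclosing (void) service method so nothing below runs.
        return;
    }
}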