@app.before_request
def before_request():
if request.method == ‘GET’:
data =request.args
else:
data =request.form.items()
data = [v for k,v in data]
if data:
for v in data:
v= str(v).lower()
pattern = r"\b(and|like|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|delclare|or)\b|(*|;)"
r = re.search(pattern,v)
if r:
return ‘请输入规范的参数!’
python 利用请求钩子解决sql注入问题
最新推荐文章于 2021-09-10 15:00:00 发布