判断SQL注入的字符
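/**
 * Reports whether {@code str} contains any token from a fixed denylist of SQL
 * keywords and metacharacters.
 *
 * <p>Matching is by plain substring and ignores case, so {@code "SELECT"} is
 * flagged the same way as {@code "select"}. Because tokens are matched as
 * substrings, ordinary input is flagged too: {@code "order"} contains
 * {@code "or"}, and any value with a hyphen, comma, plus sign or apostrophe
 * matches.
 *
 * <p>This is a heuristic input filter only. A keyword denylist is necessarily
 * incomplete, so a {@code false} result does not make the value safe to
 * concatenate into a SQL statement. Queries built from caller-supplied data
 * should use {@code java.sql.PreparedStatement} with bound parameters; this
 * check is at most an additional logging or alerting signal.
 *
 * @param str the value to inspect; {@code null} is treated as containing no
 *            denylisted token
 * @return {@code true} if at least one denylisted token occurs in {@code str},
 *         {@code false} otherwise
 */
public static boolean sql_Injection(String str) {
    // A null value has no characters to match; avoid the NullPointerException
    // the unguarded indexOf call would raise.
    if (str == null) {
        return false;
    }

    String inj_str = "' and exec insert select delete update"
            + " count * % chr mid master truncate char declare ; or - + ,";

    // SQL keywords are case-insensitive, so compare against a lower-cased copy.
    // Locale.ROOT keeps the folding independent of the JVM's default locale.
    String lowered = str.toLowerCase(java.util.Locale.ROOT);

    for (String token : inj_str.split(" ")) {
        if (lowered.contains(token)) {
            return true;
        }
    }
    return false;
}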