package com.cssweb.webcall.util; //: 防止一般SQL注入 // 调用方法:PreventInfusion.sqlInfusion(str); public class PreventInfusion { private static final String inj_str = "'@and@exec@insert@select@delete@update@count@*@%@chr@mid@master@truncate@char@declare@;@or@lock table@grant@drop@ascii@-@+@,"; private static String strReplace(String str, String restr) { return str.replace(restr, ""); } private static String dealNull(String str) { String returnstr = null; if (str == null) returnstr = ""; else returnstr = str; return returnstr; } public static String sqlInfusion(String str) { String inj_stra[] = inj_str.split("@"); str = dealNull(str); str = str.toLowerCase(); for (int i = 0; i < inj_stra.length; i++) { if (str.indexOf(inj_stra[i]) >= 0) { str = strReplace(str, inj_stra[i]); } } return str; } public static void main(String[] args) { System.out.println(sqlInfusion("")); System.out.println(sqlInfusion("null")); System.out.println(sqlInfusion(null)); System.out.println(sqlInfusion("'adm'in,SELEct;")); } }///:~
java 防sql注入
最新推荐文章于 2023-03-02 16:50:50 发布