在进行网站开发时,为了避免网站遭到SQL语句的注入式攻击,应该考虑到过滤字符串中的危险字符。
在该实例中,可以过滤"&;'<>--/ %=#"等字符时,在处理页面中会把这些字符过滤掉
/**
该示例主要利用String的replaceAll方法
public String replaceAll(String regex,String replacement)
参数说明:
regex: 表示需要替换的字符串
replacement : 表示替换后的字符串
*/
public class StringUtil{
private String sourceStr; // 源字符串
private String targetStr; // 替换后的字符串
public String getSourceStr(){
return sourceStr;
}
public void setSourceStr(String sourceStr){
this.sourceStr = sourceStr;
}
public String getTargetStr(){
sourceStr = sourceStr.replaceAll("&","&"); // 过滤字符&
sourceStr = sourceStr.replaceAll(";",""); // 过滤字符;
sourceStr = sourceStr.replaceAll("'",""); // 过滤字符'
sourceStr = sourceStr.replaceAll("<","<"); // 过滤字符<
sourceStr = sourceStr.replaceAll(">",">"); // 过滤字符>
sourceStr = sourceStr.replaceAll("/",""); // 过滤字符/
sourceStr = sourceStr.replaceAll("%",""); // 过滤字符%
sourceStr = sourceStr.replaceAll("=",""); // 过滤字符=
targetStr = sourceStr;
return targetStr;
}
public void setTargetStr(String targetStr){
this.targetStr = targetStr;
}
}
测试类
// 测试字符串过滤
public static void main(String[] args) {
StringUtil filterString_135 = new StringUtil ();
StringUtil .setSourceStr("zh;u'n<o</&d>e");
System.out.println(StringUtil .getTargetStr());
}