
Java: preventing SQL injection

2012-12-26 

Java: preventing SQL injection

package com.cssweb.webcall.util;

// Guards against common SQL injection by stripping a fixed list of keywords and characters.
// Usage: PreventInfusion.sqlInfusion(str);
public class PreventInfusion {
    // Blacklist of tokens to delete, separated by '@'.
    private static final String inj_str = "'@and@exec@insert@select@delete@update@count@*@%@chr@mid@master@truncate@char@declare@;@or@lock table@grant@drop@ascii@-@+@,";

    // Removes every occurrence of restr from str.
    private static String strReplace(String str, String restr) {
        return str.replace(restr, "");
    }

    // Maps a null input to the empty string.
    private static String dealNull(String str) {
        String returnstr = null;
        if (str == null)
            returnstr = "";
        else
            returnstr = str;
        return returnstr;
    }

    // Lower-cases the input, then deletes each blacklisted token; the result is always lower case.
    public static String sqlInfusion(String str) {
        String inj_stra[] = inj_str.split("@");
        str = dealNull(str);
        str = str.toLowerCase();
        for (int i = 0; i < inj_stra.length; i++) {
            if (str.indexOf(inj_stra[i]) >= 0) {
                str = strReplace(str, inj_stra[i]);
            }
        }
        return str;
    }

    public static void main(String[] args) {
        System.out.println(sqlInfusion(""));
        System.out.println(sqlInfusion("null"));
        System.out.println(sqlInfusion(null));
        System.out.println(sqlInfusion("'adm'in,SELEct;"));
    }
}
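The class above is a blacklist filter: it deletes substrings such as "and", "or", "-" and "," from whatever the user typed, which also destroys legitimate names, dates and addresses, and it returns the value lower-cased. The mitigation that actually separates data from SQL is parameter binding. The following is an added example, not code from the original post; it ports the page's filter to show its collateral damage on constructed sample inputs, and then shows the same lookup done with a JDBC PreparedStatement. The Connection, the "users" table and its "username" and "id" columns are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

// Added example: contrasts keyword stripping with parameter binding.
public class SqlInjectionDemo {

    // Same blacklist as PreventInfusion.inj_str on the page, kept verbatim so the
    // side effects below are reproducible.
    private static final String INJ_STR =
        "'@and@exec@insert@select@delete@update@count@*@%@chr@mid@master@truncate"
        + "@char@declare@;@or@lock table@grant@drop@ascii@-@+@,";

    // Faithful port of sqlInfusion(): lower-case, then delete every listed token.
    static String stripKeywords(String str) {
        String s = (str == null) ? "" : str.toLowerCase();
        for (String token : INJ_STR.split("@")) {
            if (s.indexOf(token) >= 0) {
                s = s.replace(token, "");
            }
        }
        return s;
    }

    // Returns "original -> filtered" for each constructed, perfectly legitimate
    // input that the filter alters; every one of these would be stored corrupted.
    static List<String> collateralDamage() {
        String[] legitimate = {
            "Sandy O'Brien",      // contains "and" and an apostrophe
            "Florida",            // contains "or"
            "2012-12-26",         // hyphens are on the list
            "C++ Developer",      // plus signs are on the list
            "Doe, John",          // comma is on the list
        };
        List<String> damaged = new ArrayList<>();
        for (String value : legitimate) {
            String filtered = stripKeywords(value);
            if (!filtered.equals(value)) {
                damaged.add(value + " -> " + filtered);
            }
        }
        return damaged;
    }

    // The mitigation: the query text is fixed and the value travels as a bound
    // parameter, so the database never parses it as SQL. Assumes the caller
    // supplies a Connection from the application's DataSource and a hypothetical
    // "users" table with "id" and "username" columns.
    static List<String> findUserIds(Connection conn, String username) throws SQLException {
        String sql = "SELECT id FROM users WHERE username = ?";
        List<String> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);          // raw value, no stripping needed
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getString("id"));
                }
            }
        }
        return ids;
    }

    // Runs offline: prints the five inputs the filter mangles, e.g.
    // "Sandy O'Brien -> sy obrien" and "2012-12-26 -> 20121226".
    public static void main(String[] args) {
        for (String line : collateralDamage()) {
            System.out.println(line);
        }
    }
}
```

Because the SQL string in findUserIds never contains user data, a username such as "'adm'in,SELEct;" is simply compared as a literal string; no characters need to be removed, so legitimate values like O'Brien survive unchanged. Input validation still has a place (length limits, expected character sets for a given field), but as a data-quality check rather than as the SQL defence.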


Source: http://blog.sina.com.cn/s/blog_6145ed810100fq4w.html
