Filtering sensitive words and special characters in Java to prevent SQL injection
2015-06-04 16:26
561 views
A while ago I was told that the company homepage might be vulnerable to SQL injection, so I searched the web to see whether there was anything of that kind.
At first I wanted to filter sensitive words and special characters in one go, but I could not find a good way to do it,
so I borrowed some ideas from the web and wrote a filtering method. It works in two steps:
first, filter sensitive words (this is all I can think of at the moment; you can add your own);
second, filter special characters.
The code is as follows:
import java.util.regex.Pattern;

String sqlValidate(String str) {
    String str2 = str.toLowerCase(); // normalize to lower case for the contains checks
    // keywords
    String[] SqlStr1 = {"and","exec","execute","insert","select","delete","update","count","drop","chr","mid","master","truncate","char","declare","sitename","net user","xp_cmdshell","like","and","exec","execute","insert","create","drop","table","from","grant","use","group_concat","column_name","information_schema.columns","table_schema","union","where","select","delete","update","order","by","count","chr","mid","master","truncate","char","declare","or"};
    // special characters
    String[] SqlStr2 = {"*","'",";","or","-","--","+","//","/","%","#"};
    for (int i = 0; i < SqlStr1.length; i++) {
        if (str2.indexOf(SqlStr1[i]) >= 0) {
            // case-insensitive regex replacement; Pattern.quote makes the "." in
            // "information_schema.columns" match literally instead of as a wildcard
            str = str.replaceAll("(?i)" + Pattern.quote(SqlStr1[i]), "");
        }
    }
    for (int i = 0; i < SqlStr2.length; i++) {
        if (str2.indexOf(SqlStr2[i]) >= 0) {
            // plain (non-regex) replace: "*" and "+" are regex metacharacters and
            // would throw PatternSyntaxException in replaceAll; "-" and "/" would
            // also be interpreted rather than matched literally
            str = str.replace(SqlStr2[i], "");
        }
    }
    return str;
}
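Stripping keywords also alters legitimate input (for example "Orlando" and "Andrew" lose their "or" and "and"), and a blacklist can only catch the tokens it knows about. The added example below is not part of the original post: it shows the two measures a practitioner would pair with such a filter, an allow-list check on the field's expected format and a PreparedStatement that binds the value as a parameter so it is never parsed as SQL. The table and column names (users, username, email) are assumed for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class SafeUserLookup {
    // Allow-list: a username is 1 to 32 letters, digits or underscores.
    // Anything else is rejected outright rather than silently "cleaned",
    // so the caller sees the problem instead of a mangled value.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{1,32}$");

    static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    // The SQL text is fixed; the user-supplied value is bound to the "?"
    // placeholder, so quotes, semicolons or keywords inside it stay data.
    // (Table and column names are assumed; they do not come from the post.)
    static String findEmail(Connection conn, String username) throws SQLException {
        if (!isValidUsername(username)) {
            throw new IllegalArgumentException("rejected username: " + username);
        }
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate names that the keyword
        // blacklist would damage ("or", "and" stripped), and one name with an
        // apostrophe, which the allow-list rejects because of the field's
        // format rule, not because the bound parameter could not handle it.
        String[] samples = {"Orlando", "Andrew_99", "O'Brien"};
        for (String s : samples) {
            System.out.println(s + " -> " + (isValidUsername(s) ? "accepted" : "rejected"));
        }
    }
}
```

The allow-list decides what the field may legitimately look like; the bound parameter is what actually prevents the value from changing the query, even if the allow-list is later relaxed to admit apostrophes.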