/** * Copyright (c) 2016-2019 人人开源 All rights reserved. * * https://www.renren.io * * 版权所有,侵权必究! */ package com.yb.config; import org.apache.commons.lang.StringUtils; /** * SQL过滤 * * @author Mark sunlightcs@gmail.com */ public class SQLFilter { /** * SQL注入过滤 * @param str 待验证的字符串 */ public static String sqlInject(String str) throws Exception { if(StringUtils.isBlank(str)){ return null; } //去掉'|"|;|\字符 str = StringUtils.replace(str, "'", ""); str = StringUtils.replace(str, "\"", ""); str = StringUtils.replace(str, ";", ""); str = StringUtils.replace(str, "\\", ""); //转换成小写 str = str.toLowerCase(); //非法字符 String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"}; //判断是否包含非法字符 for(String keyword : keywords){ if(str.indexOf(keyword) != -1){ throw new Exception("包含非法字符"); } } return str; } }