当先锋百科网

首页 1 2 3 4 5 6 7

防止SQL注入,字符串过滤关键字符

public class SQLFilterTest {
    public static void main(String[] args) {
        String temp = "asdfasd哈哈哈哈哈.sdfjalsd.";
        System.out.println(doSQLFilter(temp));
    }
    //比较笨的过滤sql字符串
    public static String doSQLFilter(String str){
         str=str.replaceAll("\\.","。");
         str=str.replaceAll(":",":");
         str=str.replaceAll(";",";");
         str=str.replaceAll("&","&");
         str=str.replaceAll("<","<");
         str=str.replaceAll(">",">");
         str=str.replaceAll("'","'");
         str=str.replaceAll("\"","“");
         str=str.replaceAll("--","--");
         str=str.replaceAll("/","/");
         str=str.replaceAll("%","%");
         str=str.replaceAll("\\+", "+");
         str=str.replaceAll("\\(", "(");
         str=str.replaceAll("\\)", ")");
         return str;
    }
}