java 防止SQL注入字符串过滤

来源：互联网发布：2016年服务贸易数据编辑：程序博客网时间：2024/06/03 14:57

防止SQL注入，字符串过滤关键字符

public class SQLFilterTest {    public static void main(String[] args) {        String temp = "asdfasd哈哈哈哈哈.sdfjalsd.";        System.out.println(doSQLFilter(temp));    }    //比较笨的过滤sql字符串    public static String doSQLFilter(String str){         str=str.replaceAll("\\.","。");         str=str.replaceAll(":","：");         str=str.replaceAll(";","；");         str=str.replaceAll("&","＆");         str=str.replaceAll("<","＜");         str=str.replaceAll(">","＞");         str=str.replaceAll("'","＇");         str=str.replaceAll("\"","“");         str=str.replaceAll("--","－－");         str=str.replaceAll("/","／");         str=str.replaceAll("%","％");         str=str.replaceAll("\\+", "＋");         str=str.replaceAll("\\(", "（");         str=str.replaceAll("\\)", "）");         return str;    }}

0 0

java 防止SQL注入 字符串过滤

java 防止SQL注入字符串过滤