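/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.migo.defence;

import com.migo.utils.RRException;
import org.apache.commons.lang.StringUtils;

import java.util.Locale;

/**
 * Deny-list filter for strings that are about to be placed into SQL text.
 *
 * <p>This is a defence-in-depth measure, not a replacement for bound parameters:
 * values should go through {@code PreparedStatement} placeholders, and fragments that
 * cannot be bound (for example a sort column) are better checked against an explicit
 * allow-list of known-good names. A character/keyword deny-list is incomplete by
 * construction.
 *
 * @author
 * @email fei6751803@163.com
 */
public class SQLFilter {

    /** Characters removed from the input before the keyword check. */
    private static final String[] STRIPPED_CHARACTERS = {"'", "\"", ";", "\\"};

    /**
     * Lower-case keywords whose presence anywhere in the input causes rejection.
     *
     * <p>{@code "alter"} replaces the original {@code "alert"}, which is not an SQL
     * keyword and left ALTER statements outside the deny-list.
     */
    private static final String[] BLOCKED_KEYWORDS = {
        "master", "truncate", "insert", "select", "delete",
        "update", "declare", "alter", "create", "drop"
    };

    /**
     * Strips quote, semicolon and backslash characters from {@code str}, lower-cases it,
     * and rejects it if it still contains a deny-listed SQL keyword.
     *
     * <p>Matching is by substring, so legitimate values that merely contain a keyword
     * (e.g. {@code updated_at}, {@code created}) are rejected as well.
     *
     * @param str the untrusted input; may be {@code null}
     * @return the stripped, lower-cased input, or {@code null} when {@code str} is
     *     {@code null}, empty or whitespace-only
     * @throws RRException if the stripped input contains a deny-listed keyword
     */
    public static String sqlInject(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }

        String cleaned = str;
        for (String unwanted : STRIPPED_CHARACTERS) {
            cleaned = StringUtils.replace(cleaned, unwanted, "");
        }

        // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
        // With a Turkish or Azeri default, 'I' lower-cases to dotless 'ı', so "INSERT"
        // would not match the "insert" entry and the check would pass it through.
        cleaned = cleaned.toLowerCase(Locale.ROOT);

        for (String keyword : BLOCKED_KEYWORDS) {
            if (cleaned.contains(keyword)) {
                // NOTE(review): the message is reproduced as found; "??" looks like a
                // mis-encoded non-ASCII string — restore it from the project's source.
                throw new RRException("??");
            }
        }
        return cleaned;
    }
}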