
通用防SQL注入函数java版


	通用防SQL注入函数java版

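/**
 * String helpers plus a keyword-blacklist check for request parameters.
 *
 * <p>The listing on the page lost its whitespace and several tokens
 * ({@code tmp.length}, {@code source.indexOf}, comparison operators and so on)
 * during extraction; they are restored here from the surrounding code.
 *
 * <p>Security note: {@link #sql_inj(String)} is a substring blacklist. It is a
 * coarse input screen, not a defence against SQL injection on its own. Build
 * queries with {@code java.sql.PreparedStatement} and {@code ?} placeholders so
 * that parameter values are never concatenated into SQL text, and treat this
 * check as an optional extra layer at most. Because matching is by substring,
 * ordinary values are rejected too: any text containing "or", "and", "mid" or
 * "char", and anything with a hyphen, comma, plus or percent sign. Applying it
 * to a password field therefore forbids many strong passwords.
 */
public class StringUtil {

    /**
     * Blacklisted tokens, separated by {@code |}.
     *
     * NOTE(review): the page text starts this list with a bare {@code |}, which
     * would produce an empty first token that matches every input. The leading
     * single quote looks like it was stripped in extraction (the quotes around
     * the JSP alert text are missing too) and is restored here; confirm against
     * the original listing.
     */
    private static final String INJ_STR =
            "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";

    public StringUtil() {
    }

    /**
     * Replaces every occurrence of {@code substr} in {@code str} with {@code restr}.
     *
     * @param str    text to process; {@code null} or empty yields {@code ""}
     * @param substr literal text to look for (not a regular expression)
     * @param restr  replacement text
     * @return the text with all occurrences replaced, never {@code null}
     */
    public static String replace(String str, String substr, String restr) {
        String[] tmp = split(str, substr);
        if (tmp.length == 0) {
            return "";
        }
        StringBuilder joined = new StringBuilder(tmp[0]);
        for (int i = 1; i < tmp.length; i++) {
            joined.append(restr).append(tmp[i]);
        }
        return joined.toString();
    }

    /**
     * Splits {@code source} on the literal delimiter {@code div}, keeping empty
     * pieces (including a trailing one).
     *
     * @param source text to split; {@code null} or empty yields an empty array
     * @param div    literal delimiter; {@code null} or empty yields a one-element
     *               array holding {@code source} (the original scan never
     *               advanced past an empty delimiter and looped forever)
     * @return the pieces in order, never {@code null}
     */
    public static String[] split(String source, String div) {
        if (source == null || source.length() == 0) {
            return new String[0];
        }
        if (div == null || div.length() == 0) {
            return new String[] {source};
        }
        java.util.List<String> pieces = new java.util.ArrayList<String>();
        int from = 0;
        int hit = source.indexOf(div, from);
        while (hit != -1) {
            pieces.add(source.substring(from, hit));
            from = hit + div.length();
            hit = source.indexOf(div, from);
        }
        // Remainder after the last delimiter (the whole text if none was found).
        pieces.add(source.substring(from));
        return pieces.toArray(new String[0]);
    }

    /**
     * Reports whether {@code str} contains any blacklisted token.
     *
     * <p>Matching ignores case, so an upper-case keyword is treated like its
     * lower-case form. A {@code null} argument is treated as empty rather than
     * raising {@code NullPointerException}, which matters because request
     * parameters are frequently absent.
     *
     * @param str value to screen, typically a request parameter
     * @return {@code true} if a blacklisted token occurs anywhere in the value
     */
    public static boolean sql_inj(String str) {
        String probe = dealNull(str).toLowerCase(java.util.Locale.ROOT);
        String[] tokens = split(INJ_STR, "|");
        for (int i = 0; i < tokens.length; i++) {
            // An empty token would match every input, so never test one.
            if (tokens[i].length() == 0) {
                continue;
            }
            if (probe.indexOf(tokens[i]) >= 0) {
                return true;
            }
        }
        return false;
    }

    /** Maps {@code null} to the empty string and returns any other value unchanged. */
    private static String dealNull(String str) {
        return str == null ? "" : str;
    }

    public static void main(String[] args) {
        System.out.println(sql_inj("admin;"));
    }
}

/*
 * jsp中调用该函数检查是否包含非法字符
 * (Calling the function from a JSP page to check for illegal characters.
 * Tokens lost in extraction, such as request.getParameter, the StringUtil
 * qualifier, history.back and the quotes, are restored from context.)
 *
 * <%
 * if (request.getParameter("userID") != null)
 *     userID = request.getParameter("userID").trim();
 * if (StringUtil.sql_inj(userID) || StringUtil.sql_inj(pwd)) {
 * %>
 * <Script Language=javascript>alert('参数中包含非法字符!');history.back(-1);</Script>
 * <%
 * } else {
 * }
 * %>
 *
 * StringUtil是我的通用防注入函数的包名,该函数参考了ASP通用防SQL注入函数,做了一些修改。
 * (StringUtil is the package name of my general anti-injection function; it is
 * based on the ASP general anti-SQL-injection function, with some changes.)
 */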
