sql防注入校验
具体方法
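/**
 * Checks a string for tokens commonly found in SQL injection payloads.
 *
 * <p>This is a substring blocklist, not a parser: each token is matched anywhere
 * in the input, so legitimate values such as {@code "user"} (contains
 * {@code "use"}) or {@code "50%"} are rejected too, and input that avoids the
 * listed tokens is not recognised. Treat it as a coarse screening step only; the
 * query itself must still be built with {@code PreparedStatement} placeholders
 * rather than string concatenation.
 *
 * @param str the value to inspect; {@code null} and empty strings contain no
 *            token and yield {@code false}
 * @return {@code true} if any blocklisted token occurs in {@code str}
 *         (case-insensitively), {@code false} otherwise
 */
private boolean sqlValidate(String str) {
    // A null or empty value cannot contain any of the tokens; the previous
    // implementation threw NullPointerException on null.
    if (str == null || str.isEmpty()) {
        return false;
    }
    // Locale.ROOT keeps the case fold locale-independent; the default locale
    // (e.g. Turkish dotless i) could otherwise let an upper-case token slip past.
    final String lowered = str.toLowerCase(java.util.Locale.ROOT);
    // Same tokens as the former '|'-separated list, with its duplicates removed.
    final String[] blockedTokens = {
        "'", "exec", "execute", "insert", "select", "delete", "update", "drop", "%",
        "master", "truncate", "declare", "sitename", "net user", "xp_cmdshell", "like'",
        "create", "table", "grant", "use", "group_concat", "column_name",
        "information_schema.columns", "table_schema", "-- ", "like", "//"
    };
    for (String token : blockedTokens) {
        if (lowered.contains(token)) {
            return true;
        }
    }
    return false;
}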