
Java 防止SQL注入

本文主要是介绍Java 防止SQL注入,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
package com.filter;

import com.utils.StringUtils;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

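/**
 * Servlet filter that screens request parameters for SQL tokens (a single quote,
 * comment markers and a fixed list of SQL keywords) before the request reaches
 * the application.
 *
 * <p>This is a defense-in-depth measure only. It does not replace parameterized
 * queries ({@code PreparedStatement} with {@code ?} placeholders), which are the
 * actual fix for SQL injection: a keyword list is necessarily incomplete, and the
 * filter only inspects query/form parameters, not headers, cookies, path segments
 * or a JSON/XML request body.
 *
 * <p>Matching is case-insensitive and keywords are matched as whole words, so
 * ordinary words that merely contain a keyword ("password", "Anderson", "chart")
 * are left alone. Because "and", "or", "char" and "count" are also common English
 * words, free-text fields can still be altered; narrow {@code urlPatterns} if that
 * matters. Stripping matches is lossy (the apostrophe in "O'Brien" disappears);
 * where that is unacceptable, reject the request instead - see the commented-out
 * branch in {@link #doFilter}.
 */
@Component
@WebFilter(urlPatterns = "/*", filterName = "SQLInjection")
public class SqlInjectFilter implements Filter {

    /**
     * Keywords flagged when they appear as whole words. The earlier list spelt
     * "truncate" as "trancate" (so it never matched) and listed "into" twice.
     */
    private static final String[] SQL_KEYWORDS = {
            "select", "update", "and", "or", "delete", "insert", "truncate", "char", "into",
            "substr", "ascii", "declare", "exec", "count", "master", "drop", "execute"
    };

    /**
     * One compiled pattern for every disallowed token: a single quote, a "--" line
     * comment, a C-style block comment, or any keyword as a whole word. Compiled
     * once; {@code Pattern} is immutable and safe to share across requests.
     *
     * <p>The previous implementation split the regex string on "|" and used the
     * fragments as literal substrings, so "select", "execute" and the quote were
     * never detected while "or"/"and" were stripped out of the middle of words.
     */
    private static final Pattern SQL_TOKEN = buildPattern();

    /** Builds {@link #SQL_TOKEN} from {@link #SQL_KEYWORDS}; runs once at class init. */
    private static Pattern buildPattern() {
        StringBuilder keywords = new StringBuilder();
        for (String keyword : SQL_KEYWORDS) {
            if (keywords.length() > 0) {
                keywords.append('|');
            }
            keywords.append(Pattern.quote(keyword));
        }
        // DOTALL lets ".*?" span line breaks inside a block comment.
        return Pattern.compile(
                "'|--|/\\*.*?\\*/|\\b(?:" + keywords + ")\\b",
                Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    }

    /**
     * Scans every request parameter value and strips disallowed SQL tokens from it
     * before passing the request down the chain.
     *
     * @param servletRequest  the incoming request; its parameter map is read
     * @param servletResponse passed through unchanged
     * @param filterChain     the rest of the chain, always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        Map<String, String[]> parameters = servletRequest.getParameterMap();
        for (String[] values : parameters.values()) {
            for (int i = 0; i < values.length; i++) {
                if (values[i] != null && checkSqlKeyWords(values[i])) {
                    // NOTE(review): this writes into the array returned by
                    // getParameterMap(); whether later getParameter()/
                    // getParameterValues() calls observe the change is
                    // container-specific. The portable approach is an
                    // HttpServletRequestWrapper that overrides those getters.
                    values[i] = cleanSqlKeyWords(values[i]);
                    // Alternative when rejecting is preferable to altering the value
                    // (switch according to the business scenario):
                    // servletRequest.setAttribute("err", "您输入的参数有非法字符,请输入正确的参数!");
                    // servletRequest.setAttribute("pageUrl", ((HttpServletRequest) servletRequest).getRequestURI());
                    // servletRequest.getRequestDispatcher(servletRequest.getServletContext().getContextPath() + "/error").forward(servletRequest, servletResponse);
                    // return;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Removes every disallowed SQL token from {@code value}.
     *
     * <p>Repeats until the value stops changing, so the result is idempotent:
     * deleting one token can never leave a new one behind. Lossy by design;
     * only called for values that {@link #checkSqlKeyWords} flagged.
     *
     * @param value a non-null parameter value
     * @return the value with all matches of the token pattern deleted
     */
    private String cleanSqlKeyWords(String value) {
        String cleaned = value;
        String previous;
        do {
            previous = cleaned;
            cleaned = SQL_TOKEN.matcher(cleaned).replaceAll("");
        } while (!cleaned.equals(previous));  // each pass only shortens, so this terminates
        return cleaned;
    }

    /**
     * Reports whether {@code value} contains a disallowed SQL token.
     *
     * @param value a parameter value; {@code null} and empty strings are allowed
     * @return {@code true} if a quote, comment marker or whole-word keyword is present
     */
    public boolean checkSqlKeyWords(String value) {
        if (value == null || value.isEmpty()) {
            return false;
        }
        return SQL_TOKEN.matcher(value).find();
    }

    /** Nothing to release: the filter holds only immutable static state. */
    @Override
    public void destroy() {
    }

}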

 
