sql注入:java版本sql注入
网络安全十分重要。发一个防止sql注入的程序,供大家学习讨论!
以下是代码片段 CheckSQL .java: package org.easydone.sql; import java.util.StringTokenizer;
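/**
 * <p>Title: SQL injection keyword check</p>
 * <p>Description: Heuristic scan of a query string for a fixed list of sensitive
 * keywords and characters.</p>
 * <p>Copyright: Copyright (c) 2006 www.zaza.com.cn</p>
 * <p>Company: 北京聚能易成科技有限公司</p>
 *
 * <p>NOTE(review): a keyword blacklist is not an injection defense. The match is a plain
 * substring test, so ordinary input is rejected ({@code "or"} hits "order" and "password",
 * {@code "*"} hits any wildcard), while a statement built from keywords, spellings or
 * encodings that are not on the list passes. The reliable mitigation is a
 * {@code PreparedStatement} with bound parameters; treat this class as an alerting
 * heuristic at most, never as the only control.</p>
 *
 * @Created on 2006-4-30
 * @authory dirboy
 * @version 1.0
 */
public class CheckSQL {
    /** '|'-separated blacklist; every entry is matched case-insensitively as a substring. */
    private static final String BADWORDS =
        "select|update|delete|count|*|sum|master|script|'|declare|or|execute|alter|statement|executeQuery|count|executeUpdate";
    /** The blacklist split once at class load instead of on every call. */
    private static final String[] BADWORD_LIST = split(BADWORDS, "|");

    /** Query text given to the constructor; checked by {@link #isBadwords()}. */
    private final String strSQL;

    /**
     * Creates a checker bound to one query string.
     *
     * @param strSQL query text to check later with {@link #isBadwords()}; may be {@code null}
     */
    public CheckSQL(String strSQL) {
        this.strSQL = strSQL;
    }

    /**
     * Checks the query string supplied to the constructor.
     *
     * @return {@code true} if it contains any blacklisted substring
     */
    public boolean isBadwords() {
        return isBadwords(strSQL);
    }

    /**
     * Returns whether the given text contains any blacklisted substring.
     *
     * <p>The comparison is case-insensitive (the text is lower-cased with
     * {@code Locale.ROOT}) and substring-based, so it produces false positives on
     * innocent words that merely contain a listed token.</p>
     *
     * @param str text to scan; {@code null} or empty text contains no bad words
     * @return {@code true} if at least one blacklisted token occurs in {@code str}
     */
    public boolean isBadwords(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        // Locale.ROOT: locale-sensitive lower-casing (e.g. Turkish dotless i) would let an
        // upper-case keyword bypass the list. The input is deliberately not echoed to
        // stdout here; log it at the call site if it is needed for diagnostics.
        String lowered = str.toLowerCase(java.util.Locale.ROOT);
        for (String word : BADWORD_LIST) {
            if (lowered.contains(word)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Splits text of the form {@code str1|str2|str3} into a one-dimensional array.
     *
     * <p>{@code sign} is interpreted as a set of delimiter characters (StringTokenizer
     * semantics): empty tokens are skipped and every token is trimmed.</p>
     *
     * @param str text to split, e.g. {@code str1|str2|str3|str4|str5}
     * @param sign delimiter character(s)
     * @return the trimmed tokens in order; empty array when {@code str} has no tokens
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static String[] split(String str, String sign) {
        StringTokenizer tokens = new StringTokenizer(str, sign);
        // countTokens() is exact before any nextToken() call, so the array is sized once.
        String[] parts = new String[tokens.countTokens()];
        for (int i = 0; tokens.hasMoreTokens(); i++) {
            parts[i] = tokens.nextToken().trim();
        }
        return parts;
    }

    /**
     * Demonstration entry point: checks a sample query and reports whether it is rejected.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String query = "select * from user";
        CheckSQL get = new CheckSQL(query);
        if (get.isBadwords(query)) {
            System.out.println("非法字符");
        }
    }
}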
运行结果:
select * from user
非法字符