Skip to content

C
cms_sys
Commit 0ca41ed7 authored by sgjj's avatar sgjj
Browse files
Options

sql注入

parent 32124236
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 0 deletions
src/main/java/net/mingsoft/cms/action/web/MCmsAction.java
View file @ 0ca41ed7
...@@ -447,6 +447,11 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction { ...@@ -447,6 +447,11 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
this.outString(response, content); this.outString(response, content);
} }
/**
* sql语句检测,存在返回true
* @param str
* @return
*/
public static boolean sqlFilter(String str){ public static boolean sqlFilter(String str){
Pattern pattern= Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)"); Pattern pattern= Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)");
Matcher matcher=pattern.matcher(str); Matcher matcher=pattern.matcher(str);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment