标签:
例子:
column_type = SecurityString.getHtml(column_type);
column_type = SecurityString.getValidSQLPara(column_type);
实现:
1 public class SecurityString { 2 3 public static String getHtml(String str) { 4 //过滤敏感字符 5 str = filter(str); 6 if (str != null) { 7 return str.replaceAll("\r\n", "<BR>"); 8 } else { 9 return " "; 10 } 11 } 12 /** 13 * 防止跨站脚本攻击 14 * 过滤敏感字符 15 * 将HTML特殊字符转换为相应的实体字符。 16 */ 17 public static String filter(String value) { 18 19 if (value == null || value.length() == 0) { 20 return value; 21 } 22 23 StringBuffer result = null; 24 String filtered = null; 25 for (int i = 0; i < value.length(); i++) { 26 filtered = null; 27 switch (value.charAt(i)) { 28 case ‘<‘ : 29 filtered = "<"; 30 break; 31 case ‘>‘ : 32 filtered = ">"; 33 break; 34 case ‘&‘ : 35 filtered = "&"; 36 break; 37 case ‘"‘ : 38 filtered = """; 39 break; 40 case ‘\‘‘ : 41 filtered = "‘"; 42 break; 43 } 44 45 if (result == null) { 46 if (filtered != null) { 47 result = new StringBuffer(value.length() + 50); 48 if (i > 0) { 49 result.append(value.substring(0, i)); 50 } 51 result.append(filtered); 52 } 53 } else { 54 if (filtered == null) { 55 result.append(value.charAt(i)); 56 } else { 57 result.append(filtered); 58 } 59 } 60 } 61 return result == null ? value : result.toString(); 62 } 63 /** 64 * 防止SQL注入 65 * 验证字符类型不能包含特殊字 66 */ 67 public static boolean checkNonlicetCharacters(String string) { 68 boolean flag = true; 69 // 不许出现单引号 70 if (string != null && string.indexOf("‘") > 0) { 71 flag = false; 72 } 73 74 return flag; 75 } 76 /** 77 * 防止SQL注入 78 */ 79 public static String getValidSQLPara(String string) { 80 if (string == null || string.length() == 0) { 81 return string; 82 } 83 return string.replaceAll("‘", "‘‘"); 84 } 85 86 }
标签:
原文地址:http://www.cnblogs.com/sky-of-chuanqingchen/p/4589232.html
