JAVA中防止SQL注入攻击类的源代码
防止SQL注入的Javascript代码::::
前端处理::::
<SCRIPT language="JavaScript">
function Check(theform)
{
if (theform.UserName.value=="")
{
alert("请输入用户名!")
theform.UserName.focus();
return (false);
}
if (theform.Password.value == "")
{
alert("请输入密码!");
theform.Password.focus();
return (false);
}
}
function IsValid( oField )
{
re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
$sMsg = "请您不要在参数中输入特殊字符和SQL关键字!"
if ( re.test(oField.value) )
{
alert( $sMsg );
oField.value = '';
oField.focus();
return false;
}
}
</SCRIPT>
后台处理::::
Java代码
JAVA-字符串过滤类
package cn.com.hbivt.util;
/**
* @author not attributable
* @version 1.0
*/
public class StringUtils {
//过滤通过页面表单提交的字符
private static String[][] FilterChars={{"<","<"},{">",">"},{" "," "},{"\"","""},{"&","&"},
{"/","/"},{"\\","\"},{"\n","<br>"}};
//过滤通过javascript脚本处理并提交的字符
private static String[][] FilterScriptChars={{"\n","\'+\'\\n\'+\'"},
{"\r"," "},{"\\","\'+\'\\\\\'+\'"},
{"\'","\'+\'\\\'\'+\'"}};
- 1
- 2
- 3
- 4
前往页