songguoqiang
5 months ago
13 changed files with 51 additions and 0 deletions
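--- /dev/null
+++ b/ValidSql.java
@@ -0,0 +1,27 @@
+package com.win.framework.common.util.sql;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import static com.win.framework.common.exception.enums.GlobalErrorCodeConstants.SQL_INJECTION;
+import static com.win.framework.common.exception.util.ServiceExceptionUtil.exception;
+
+public class ValidSql {
+
+    static String reg = "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|mid|truncate|char|or)\\b|([*;+'%])";
+    static Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);//表示忽略大小写
+
+    /**
+     * 参数校验
+     *
+     * @param str ep: "or 1=1"
+     */
+    public static boolean isSqlValid(String str) {
+        Matcher matcher = sqlPattern.matcher(str);
+        if (matcher.find()) {
+            throw exception(SQL_INJECTION, matcher.group());
+        }
+        return true;
+    }
+
+}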
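Review bot: `reg` and `sqlPattern` are package-visible and non-final, so any class in the same package can reassign the compiled pattern and silently weaken the check; declare them `private static final String reg = ...;` and `private static final Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);`. `isSqlValid(null)` throws a NullPointerException from `sqlPattern.matcher(str)` instead of the intended service exception, so add an explicit guard such as `if (str == null) { return true; }` (or reject null, whichever the callers expect). The Javadoc should also state that the method never returns false — it returns true or throws `SQL_INJECTION` with the matched fragment — and that a keyword denylist is only a secondary control: legitimate input containing whole words like "or", "and" or "count" is rejected, while the primary defense remains bound parameters in the data layer.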