JavaでのSQLインジェクション防止(特殊文字フィルタ方式)


1. ページ側のJavaScriptで、SQLに渡される入力中の特殊文字をフィルタする
<SCRIPT language="JavaScript">    
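// Presence check for the login form, meant for onsubmit="return Check(this)".
// Returns false (after focusing the offending field) when UserName or Password
// is empty, and an explicit true otherwise so callers that test the result
// directly (`if (!Check(f))`) behave correctly. This runs in the browser and
// can be skipped by the client, so the server must repeat the validation.
function Check(theform)
{
    if (theform.UserName.value == "")
    {
        alert("      !");
        theform.UserName.focus();
        return false;
    }
    if (theform.Password.value == "")
    {
        alert("     !");
        theform.Password.focus();
        return false;
    }
    return true;
}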
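// Rejects a field whose value matches a denylist of SQL keywords and
// metacharacters: alerts, clears the field, focuses it and returns false;
// returns true when nothing matched. The pattern and message are declared as
// locals (they were implicit globals before), so they no longer leak into the
// page scope. This is a client-side usability check only: it is bypassed by
// disabling JavaScript and also rejects legitimate text such as "account";
// the server must still build its SQL with bound parameters.
function IsValid( oField )
{
    var re = /select|update|delete|exec|count|'|"|=|;|>|<|%/i;
    var sMsg = "               SQL   !";
    if ( re.test(oField.value) )
    {
        alert( sMsg );
        oField.value = '';
        oField.focus();
        return false;
    }
    return true;
}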
</SCRIPT> 

2. バックエンド(サーバー側)での特殊文字フィルタ
package cn.com.hbivt.util;   
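public class StringUtils {
    /**
     * HTML escaping table: each single character in column 0 is replaced by the
     * text in column 1 (the first matching row wins). Note that these are HTML
     * entities and {@code <br>} — the result is meant for HTML output. It does
     * not make text safe to splice into SQL; SQL statements must be built with
     * {@code PreparedStatement} bound parameters regardless of this filter.
     */
    private static final String[][] FILTER_CHARS = {
        {"<", "&lt;"}, {">", "&gt;"}, {" ", "&nbsp;"}, {"\"", "&quot;"}, {"&", "&amp;"},
        {"/", "&#47;"}, {"\\", "&#92;"}, {"\n", "<br>"}};

    /**
     * JavaScript string-literal table: newline, backslash and single quote are
     * rewritten as {@code '+'<escaped>'+'} so the text can be concatenated into
     * a single-quoted JavaScript literal without terminating it; carriage return
     * becomes a space.
     */
    private static final String[][] FILTER_SCRIPT_CHARS = {
        {"\n", "\'+\'\\n\'+\'"}, {"\r", " "}, {"\\", "\'+\'\\\\\'+\'"}, {"\'", "\'+\'\\\'\'+\'"}};

    /**
     * Joins {@code strings}, appending {@code spilit_sign} after EVERY element,
     * including the last one ({"a","b"} with "," yields "a,b,"). The trailing
     * separator is kept deliberately: existing callers pass the result back to
     * {@link #stringSpilit}, whose {@code split} drops the trailing empty part.
     *
     * @param strings     elements to join; must not be null (elements may be, they print as "null")
     * @param spilit_sign separator appended after each element
     * @return the concatenation, or "" for an empty array
     */
    public static String stringConnect(String[] strings, String spilit_sign) {
        // StringBuilder instead of repeated += to avoid quadratic copying.
        StringBuilder sb = new StringBuilder();
        for (String s : strings) {
            sb.append(s).append(spilit_sign);
        }
        return sb.toString();
    }

    /**
     * Replaces each character of {@code str} that appears in column 0 of
     * {@code table} with the corresponding column-1 text, then trims the result
     * (trim is part of the original contract; spaces are already converted to
     * {@code &nbsp;} by the HTML table before it runs).
     *
     * @param str   text to filter; null is treated as ""
     * @param table single-character replacement rows
     * @return filtered, trimmed text
     */
    private static String replaceChars(String str, String[][] table) {
        if (str == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            String ch = String.valueOf(str.charAt(i));
            String out = ch;
            for (String[] row : table) {
                if (row[0].equals(ch)) {
                    out = row[1];
                    break;
                }
            }
            sb.append(out);
        }
        return sb.toString().trim();
    }

    /**
     * HTML-escapes {@code str} using {@link #FILTER_CHARS}.
     *
     * @param str text to escape; null is treated as ""
     * @return escaped text with leading/trailing whitespace trimmed
     */
    public static String stringFilter(String str) {
        return replaceChars(str, FILTER_CHARS);
    }

    /**
     * Rewrites newline, carriage return, backslash and single quote in
     * {@code str} so it can be embedded in a single-quoted JavaScript string
     * literal (see {@link #FILTER_SCRIPT_CHARS}).
     *
     * @param str text to escape; null is treated as ""
     * @return escaped text with leading/trailing whitespace trimmed
     */
    public static String stringFilterScriptChar(String str) {
        return replaceChars(str, FILTER_SCRIPT_CHARS);
    }

    /**
     * Splits {@code str} on {@code spilit_sign} (a regular expression, as
     * {@link String#split} takes) and drops a leading empty element if present.
     * Trailing empty elements are already dropped by {@code split}. Unlike the
     * previous version, an input that splits to nothing (e.g. "," on ",") returns
     * an empty array instead of throwing.
     *
     * @param str         text to split; must not be null
     * @param spilit_sign separator regular expression
     * @return the parts, never null
     */
    public static String[] stringSpilit(String str, String spilit_sign) {
        String[] parts = str.split(spilit_sign);
        if (parts.length > 0 && parts[0].equals("")) {
            return java.util.Arrays.copyOfRange(parts, 1, parts.length);
        }
        return parts;
    }

    /**
     * Re-decodes a string that was read as ISO-8859-1 but actually holds GBK
     * bytes. Best-effort like the original: returns null for a null input or
     * when the GBK charset is not available in this JVM.
     *
     * @param str text whose chars are really ISO-8859-1 decoded GBK bytes
     * @return the GBK-decoded text, or null on failure
     */
    public static String stringTransCharset(String str) {
        if (str == null) {
            return null;
        }
        try {
            return new String(str.getBytes(java.nio.charset.StandardCharsets.ISO_8859_1),
                              java.nio.charset.Charset.forName("GBK"));
        } catch (java.nio.charset.UnsupportedCharsetException e) {
            // Narrow catch replaces the old catch(Exception); same null result.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Demo: HTML filtering, joining and splitting.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // HTML filter demo
        String t_str1 = "<h1>StringDispose\n\r\'\"</h1>";
        System.out.println(" :" + t_str1);
        System.out.println(" :" + StringUtils.stringFilter(t_str1));
        // join demo (note the trailing separator)
        String[] t_str_arr1 = {"PG_1", "PG_2", "PG_3"};
        String t_str2 = StringUtils.stringConnect(t_str_arr1, ",");
        System.out.println(t_str2);
        // split demo
        String[] t_str_arr2 = StringUtils.stringSpilit(t_str2, ",");
        for (String s : t_str_arr2) {
            System.out.println(s);
        }
    }
}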