Java SQL注入防止正則
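/**
 * Blacklist regex for obvious SQL-injection fragments: a single quote, a line comment
 * ({@code --}), a block comment, or one of the listed SQL keywords as a whole word.
 * <p>
 * This is defence in depth only. It does not make string-built SQL safe, so queries must still
 * be issued through {@code PreparedStatement} with bound parameters. The keyword list also
 * contains ordinary words ({@code and}, {@code or}, {@code char}, {@code count}), so legitimate
 * free-text input can be rejected as a false positive.
 */
private static final String reg = "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|"
    // "truncate" was misspelled "trancate" and the duplicate "into" has been dropped.
    + "(\\b(select|update|union|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b)";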
\\b select 1select
/** Compiled form of {@code reg}; case-insensitive so that {@code SELECT} and {@code select} match alike. */
private static Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);
/**
 * Checks {@code str} against the SQL-injection blacklist in {@code sqlPattern}.
 * <p>
 * Any substring match anywhere in the input rejects it: the raw value is written to the log at
 * ERROR level and {@code false} is returned. Otherwise {@code true} is returned. A {@code null}
 * argument is not guarded here; {@code Pattern.matcher} rejects it with a
 * {@link NullPointerException}. Note that the input is logged verbatim, so untrusted text
 * reaches the log unescaped.
 *
 * @param str the untrusted input to check
 * @return {@code true} if no blacklisted fragment was found, {@code false} otherwise
 */
private boolean isValid(String str)
{
    boolean suspicious = sqlPattern.matcher(str).find();
    if (!suspicious)
    {
        return true;
    }
    logger.error(" :str=" + str);
    return false;
}