| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | List<String> columns = new ArrayList<>(); |
|---|
| | | List<String> values = new ArrayList<>(); |
|---|
| | | for (String key : reqJson.keySet()) { |
|---|
| | | if ("flowId".equals(key) || "id".equals(key)) { |
|---|
| | | if ("flowId".equals(key) || "id".equals(key) || "storeId".equals(key)) { |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | columns.add(key + "=" + reqJson.getString(key)); |
|---|
| | | columns.add(key + "='" + reqJson.getString(key)+"'"); |
|---|
| | | |
|---|
| | | //简单校验 |
|---|
| | | validateColumns(columns); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public static boolean containsSqlInjection(Object obj) { |
|---|
| | | Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)\\b|(\\*|;|\\+|'|%)"); |
|---|
| | | Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)"); |
|---|
| | | Matcher matcher = pattern.matcher(obj.toString().toLowerCase()); |
|---|
| | | return matcher.find(); |
|---|
| | | } |
|---|
