How the sql keyword script checks for regular expressions 02/22 Update SLTechnology News&Howtos

How the sql keyword script checks for regular expressions

2025-02-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Shulou(Shulou.com)06/02 Report--

This article will explain in detail how to check regular expressions in sql keyword scripts. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

In the process of sql assembly, it is sometimes necessary to assemble special external parameters into sql statements. If you do not detect whether the external parameters contain sql keywords, hackers take advantage of the loophole of the system to inject sql script statements to delete the database or steal data.

Sql keyword script checks for regular expressions

Java language

/ * if there is sql injection, return true means it contains * @ param obj * @ return * / public static boolean containsSqlInjection (Object obj) {Pattern pattern= Pattern.compile ("\\ b (and | exec | insert | select | drop | alter | delete | update | chr | mid | master | truncate | char | declare | or)\\ b | (\ * |; |\ + |'|%)"); Matcher matcher=pattern.matcher (obj.toString ()); return matcher.find ()};

Unit testing

@ Testpublic void testContainsSqlInjection () {boolean b1=SqlUtils.containsSqlInjection ("and nm=1"); assertEquals ("b1 is not true", true,b1); boolean b2=SqlUtils.containsSqlInjection ("niamsh delete from"); assertEquals ("b2 is not true", true,b2); boolean b3=SqlUtils.containsSqlInjection ("stand"); assertEquals ("b3 is not false", false,b3); boolean b4=SqlUtils.containsSqlInjection ("and"); assertEquals ("b4 not true", true,b4); boolean b5=SqlUtils.containsSqlInjection ("niasdm%asjdj") AssertEquals ("b5 is not true", true,b5);} on "sql keyword scripts how to check regular expressions" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.