
Fuzzy query prevents sql injection

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

MySQL + MyBatis environment:

1>. Escape the SQL special characters {"*", "%", "_"} by replacing them with "/*", "/%", "/_".

2>. In the SQL, define '/' as the escape character.

    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    // StringUtils, @Transient and PrimaryKeyObject come from the project's own dependencies (not shown on the page).

    public abstract class BaseEntity extends PrimaryKeyObject {

        private static final long serialVersionUID = 1L;

        @Transient // marks a property of the POJO as transient, so it is not persisted
        protected Boolean escapeChar; // whether the keyword contains escape characters

        protected String keyword; // fuzzy query keyword

        public String getKeyword() {
            return keyword == null ? null : keyword.trim();
        }

        public void setKeyword(String keyword) {
            this.keyword = keyword == null ? null : keyword.trim();
        }

        // Reading this property triggers the escaping of the keyword.
        public Boolean getEscapeChar() {
            this.getNewKeyword();
            return escapeChar;
        }

        public void setEscapeChar(Boolean escapeChar) {
            this.escapeChar = escapeChar;
        }

        // Replace the SQL special characters {"*", "%", "_"} with "/*", "/%", "/_".
        private void getNewKeyword() {
            if (escapeChar == null) {
                escapeChar = false;
            }
            // Escape only once: skip if the keyword has already been rewritten.
            if (StringUtils.isNotEmpty(keyword) && !escapeChar) {
                Pattern p1 = Pattern.compile("\\*|%|_");
                Matcher m1 = p1.matcher(keyword);
                StringBuffer buf = new StringBuffer();
                while (m1.find()) {
                    m1.appendReplacement(buf, "/" + m1.group());
                }
                m1.appendTail(buf);
                String newkeyword = buf.toString();
                if (!keyword.equals(newkeyword)) {
                    this.setEscapeChar(true);
                    this.setKeyword(newkeyword);
                }
            }
        }
    }

    and (
        name like CONCAT("%", #{keyword}, "%") escape '/'
        or
        uname like CONCAT("%", #{keyword}, "%") escape '/'
    )
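An added example, not code from the original article: a self-contained Java model of `like ... escape '/'` that compares an unescaped keyword, the article's escaping rule, and a variant that also escapes '/' itself (this goes beyond the rule stated above). The class name, helper names and sample rows are constructed for illustration, and the matcher is a simplified model of MySQL's LIKE semantics, assuming the escape character makes the following pattern character literal.

```java
import java.util.List;
import java.util.stream.Collectors;

public class LikeEscapeDemo {
    static final char ESC = '/'; // same escape character as in the mapper's "escape '/'"

    // The article's rule: prefix *, % and _ with '/'.
    static String escapePage(String kw) {
        return kw.replaceAll("([*%_])", "/$1");
    }

    // Extended rule (assumption, not on the page): also escape the escape character.
    static String escapeLike(String kw) {
        return kw.replaceAll("([/%_])", "/$1");
    }

    // Simplified model of "v LIKE p ESCAPE '/'": % = any run, _ = one character,
    // '/' makes the next pattern character literal. Case-sensitive, no collation.
    static boolean like(String v, int i, String p, int j) {
        if (j == p.length()) return i == v.length();
        char c = p.charAt(j);
        if (c == ESC && j + 1 < p.length()) {
            return i < v.length() && v.charAt(i) == p.charAt(j + 1) && like(v, i + 1, p, j + 2);
        }
        if (c == '%') {
            for (int k = i; k <= v.length(); k++) {
                if (like(v, k, p, j + 1)) return true;
            }
            return false;
        }
        return i < v.length() && (c == '_' || v.charAt(i) == c) && like(v, i + 1, p, j + 1);
    }

    // Equivalent of CONCAT("%", #{keyword}, "%") evaluated against each row.
    static List<String> hits(List<String> rows, String boundKeyword) {
        return rows.stream().filter(r -> like(r, 0, "%" + boundKeyword + "%", 0))
                   .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> rows = List.of("alice", "bob_smith", "100%", "a/b", "ab"); // constructed sample data
        for (String kw : List.of("%", "_", "a/b")) {
            System.out.printf("%-5s raw=%s page=%s extended=%s%n", kw,
                hits(rows, kw), hits(rows, escapePage(kw)), hits(rows, escapeLike(kw)));
        }
    }
}
```

In the mapper, `#{keyword}` is bound as a prepared-statement parameter, so the escaping here only controls how LIKE interprets wildcard characters in the bound value.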
