Example:
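// Encode the value for HTML element content before it is rendered.
Column_type = SecurityString.getHtml(Column_type);
// Doubles single quotes only. Running the SQL escaper on an already
// HTML-encoded value stores entity-encoded text in the database; escape
// each value once, for the context it is about to be written into, and
// bind SQL parameters with a PreparedStatement instead of quoting them.
Column_type = SecurityString.getValidSqlPara(Column_type);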
Implementation:
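/**
 * Escaping helpers for values that originate from untrusted input.
 *
 * <p>{@link #filter(String)} and {@link #getHtml(String)} entity-encode the five
 * HTML metacharacters so a value can be placed in HTML element content.
 * {@link #checkNonLicetCharacters(String)} and {@link #getValidSqlPara(String)}
 * only reject or double single quotes; they are not a general SQL-injection
 * defence (numeric positions, identifiers and backslash escapes are untouched).
 * Bind values with {@code PreparedStatement} parameters instead of quoting them.
 */
public final class SecurityString {

    private SecurityString() {
        // static utility class
    }

    /**
     * HTML-escapes {@code str} and then turns CRLF line breaks into {@code <BR>}.
     * Only the two-character sequence "\r\n" is converted; a bare "\n" or "\r"
     * is left as-is, matching the original behaviour.
     *
     * @param str raw text, may be null
     * @return the escaped text with line breaks replaced, or "" when {@code str} is null
     */
    public static String getHtml(String str) {
        String escaped = filter(str);
        if (escaped == null) {
            return "";
        }
        // Escaping runs first, so the <BR> tags inserted here are the only markup
        // left in the result. "\r\n" has no regex metacharacters, literal replace suffices.
        return escaped.replace("\r\n", "<BR>");
    }

    /**
     * Encodes the HTML metacharacters {@code < > & " '} as entities so the value
     * is safe to embed in HTML element content. This is NOT sufficient for an
     * unquoted attribute value, a JavaScript string, a URL or CSS; those contexts
     * need their own encoding.
     *
     * @param value text to escape, may be null or empty
     * @return the escaped text; {@code value} itself when nothing needed escaping
     */
    public static String filter(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        // Allocated lazily so a string with nothing to escape is returned as-is.
        StringBuilder out = null;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            String entity = entityFor(c);
            if (out == null) {
                if (entity == null) {
                    continue;
                }
                // First metacharacter found: copy the already-scanned prefix verbatim.
                out = new StringBuilder(value.length() + 50);
                out.append(value, 0, i);
            }
            if (entity == null) {
                out.append(c);
            } else {
                out.append(entity);
            }
        }
        return out == null ? value : out.toString();
    }

    /** Entity for one HTML metacharacter, or null when {@code c} needs no escaping. */
    private static String entityFor(char c) {
        switch (c) {
            case '<':
                return "&lt;";
            case '>':
                return "&gt;";
            case '&':
                return "&amp;";
            case '"':
                return "&quot;";
            case '\'':
                return "&#39;";
            default:
                return null;
        }
    }

    /**
     * Reports whether {@code string} contains no single quote.
     * The original test was {@code indexOf("'") > 0}, which let a value that
     * starts with a quote through; index 0 is now rejected as well.
     * A quote blocklist is a weak control on its own: it does nothing for numeric
     * positions, SQL comments or backslash escapes. Use it only as
     * defence-in-depth in front of a parameterised query.
     *
     * @param string value to inspect, may be null
     * @return true when {@code string} is null or contains no single quote
     */
    public static boolean checkNonLicetCharacters(String string) {
        return string == null || string.indexOf('\'') < 0;
    }

    /**
     * Doubles every single quote so the value can sit inside a single-quoted SQL
     * string literal. This is the only transformation performed: it does not
     * protect numeric or identifier positions and is unsafe with MySQL-style
     * backslash escapes. Prefer {@code PreparedStatement} parameters.
     *
     * @param string value to escape, may be null or empty
     * @return the value with {@code '} replaced by {@code ''}; null or empty input is returned unchanged
     */
    public static String getValidSqlPara(String string) {
        if (string == null || string.isEmpty()) {
            return string;
        }
        // Literal replace: no regex involved, so no metacharacter surprises.
        return string.replace("'", "''");
    }
}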
Java security escaping helpers (HTML/XSS encoding and SQL quote handling). Note that the SQL helpers only inspect or double single quotes; they are not a substitute for parameterised queries (PreparedStatement).