Apache commons-lang (version 2.3 and later) ships a utility class, StringEscapeUtils, whose escaping helpers are mainly meant to mitigate SQL injection and XSS injection attacks.
Common commons-lang utility class: StringEscapeUtils
1. escapeSql provides SQL escaping to prevent SQL injection attacks, such as the classic universal-password payload ' or 1 = 1
    StringBuffer sql = new StringBuffer("select key_sn, remark, create_date from tb_selogon_key where 1 = 1 ");
    if (!CommUtil.isEmpty(keyWord)) {
        // column name "remark" assumed here; the original snippet omitted it
        sql.append("and remark like '%" + StringEscapeUtils.escapeSql(keyWord) + "%'");
    }
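The following class is an added example, not code from the original post. It shows what escapeSql actually does (it only doubles single quotes, and it was removed in commons-lang 3) and contrasts the concatenation pattern above with a bound parameter, which is the primary defence. The table and column names follow the post's snippet; the column "remark" in the LIKE clause is an assumption, and the commons-lang 2.x jar is assumed on the classpath.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.apache.commons.lang.StringEscapeUtils;

// Added example (not from the original post): what escapeSql does and does not cover.
public class EscapeSqlDemo {

    // The post's pattern: string concatenation with escapeSql applied to the keyword.
    // The column name "remark" is an assumption; the post's snippet omits it.
    static String buildEscapedQuery(String keyWord) {
        StringBuffer sql = new StringBuffer(
            "select key_sn, remark, create_date from tb_selogon_key where 1 = 1 ");
        if (keyWord != null && keyWord.length() > 0) {
            sql.append("and remark like '%" + StringEscapeUtils.escapeSql(keyWord) + "%'");
        }
        return sql.toString();
    }

    // Same search with a bound parameter: the driver never parses the keyword as SQL,
    // so no escaping step is needed and the unquoted-context gap shown below disappears.
    static ResultSet searchWithPreparedStatement(Connection conn, String keyWord) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
            "select key_sn, remark, create_date from tb_selogon_key where remark like ?");
        ps.setString(1, "%" + keyWord + "%");
        return ps.executeQuery();
    }

    public static void main(String[] args) {
        // Inside a single-quoted literal, doubling the quote keeps the payload as data.
        String payload = "' or 1 = 1";
        System.out.println(buildEscapedQuery(payload));
        // ... where 1 = 1 and remark like '%'' or 1 = 1%'

        // escapeSql only doubles single quotes: it does not touch LIKE wildcards (% and _)
        // and it changes nothing in an unquoted (numeric) position, so concatenating an
        // untrusted value there stays unsafe even after "escaping".
        String id = "1 or 1 = 1";
        System.out.println("select key_sn from tb_selogon_key where key_sn = "
            + StringEscapeUtils.escapeSql(id));
        // select key_sn from tb_selogon_key where key_sn = 1 or 1 = 1   (unchanged)
    }
}
```

Run main to see the two concatenated strings; searchWithPreparedStatement needs a live Connection and is the form to use in real code, since escapeSql is a string-literal workaround rather than a parser-level guarantee.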
2. escapeHtml/unescapeHtml escape and unescape HTML markup
    System.out.println(StringEscapeUtils.escapeHtml("<A> dddd </A>"));
Output:
    &lt;A&gt; dddd &lt;/A&gt;
    System.out.println(StringEscapeUtils.unescapeHtml("&lt;A&gt; dddd &lt;/A&gt;"));
Output:
    <A> dddd </A>
3. escapeJavaScript/unescapeJavaScript escape and unescape text for use inside JavaScript string literals
    System.out.println(StringEscapeUtils.escapeJavaScript("<SCRIPT> alert ('20140901') </SCRIPT>"));
Output:
    <SCRIPT> alert (\'20140901\') <\/SCRIPT>
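Sections 2 and 3 use two different escapers, and the security point is that each one is tied to an output context. The class below is an added example, not code from the original post: it renders the same constructed input into an HTML body and into a JavaScript string literal with the matching escaper, and shows what goes wrong when the HTML escaper is used inside a script. It assumes commons-lang 2.x on the classpath; the method names are hypothetical.

```java
import org.apache.commons.lang.StringEscapeUtils;

// Added example (not from the original post): choose the escaper by output context.
public class OutputContextDemo {

    // Untrusted input rendered into the HTML body: escapeHtml turns < > & " into entities,
    // so the browser shows the text instead of parsing it as markup.
    static String renderBody(String userInput) {
        return "<p>" + StringEscapeUtils.escapeHtml(userInput) + "</p>";
    }

    // Untrusted input embedded inside a JavaScript string literal: escapeJavaScript
    // backslash-escapes ' " \ and /, so the literal cannot be closed early and the
    // sequence </script> cannot be formed (the slash becomes \/).
    static String renderScript(String userInput) {
        return "<script>var name = '" + StringEscapeUtils.escapeJavaScript(userInput) + "';</script>";
    }

    // Wrong pairing, kept for contrast: commons-lang 2.x escapeHtml does not escape the
    // single quote, so a JS string literal built this way can still be terminated early.
    static String renderScriptWrong(String userInput) {
        return "<script>var name = '" + StringEscapeUtils.escapeHtml(userInput) + "';</script>";
    }

    public static void main(String[] args) {
        String input = "<script>alert('20140901')</script>";   // constructed sample input
        System.out.println(renderBody(input));
        // <p>&lt;script&gt;alert('20140901')&lt;/script&gt;</p>
        System.out.println(renderScript(input));
        // <script>var name = '<script>alert(\'20140901\')<\/script>';</script>
        System.out.println(renderScriptWrong(input));
        // <script>var name = '&lt;script&gt;alert('20140901')&lt;/script&gt;';</script>
        // the unescaped ' after alert( ends the literal: entities do not help inside a script
    }
}
```

Two practical notes: because escapeHtml in 2.x leaves the apostrophe alone, attribute values should be double-quoted when their content is escaped with it, and unescapeHtml belongs in input-normalisation code only, never immediately before output.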
4. escapeJava/unescapeJava convert a string to and from Unicode escape sequences (\uXXXX).
    System.out.println(StringEscapeUtils.escapeJava("中国共产党"));
Output:
    \u4E2D\u56FD\u5171\u4EA7\u515A
Another example:
    import org.apache.commons.lang.StringEscapeUtils;

    public class EscapeString {
        public static void main(String[] args) throws Exception {
            String str = "do not cook with firewood during APEC meetings";
            System.out.println("String escaped with escapeJava: " + StringEscapeUtils.escapeJava(str));
            System.out.println("String restored with unescapeJava: " + StringEscapeUtils.unescapeJava(StringEscapeUtils.escapeJava(str)));
            System.out.println("String escaped with escapeHtml: " + StringEscapeUtils.escapeHtml(str));
            System.out.println("String restored with unescapeHtml: " + StringEscapeUtils.unescapeHtml(StringEscapeUtils.escapeHtml(str)));
            System.out.println("String escaped with escapeXml: " + StringEscapeUtils.escapeXml(str));
            System.out.println("String restored with unescapeXml: " + StringEscapeUtils.unescapeXml(StringEscapeUtils.escapeXml(str)));
            System.out.println("String escaped with escapeJavaScript: " + StringEscapeUtils.escapeJavaScript(str));
            System.out.println("String restored with unescapeJavaScript: " + StringEscapeUtils.unescapeJavaScript(StringEscapeUtils.escapeJavaScript(str)));
            /* Output: the post ran this with Chinese text (hence the \u4E2D\u56FD... shown
             * above), so escapeJava and escapeJavaScript print one \uXXXX escape per
             * character; escapeHtml and escapeXml leave characters that have no named
             * entity unchanged and print the text as-is; each unescape call restores the
             * original string exactly. With the plain-ASCII literal above, all four
             * escape calls print the string unchanged. */
        }
    }
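The round-trip example above shows escapeJava as a lossless Unicode encoding; the class below, an added example that is not from the original post, applies the same property to a concrete defensive use the post does not show: keeping an untrusted value on one printable log line, so that CR/LF or control characters in it cannot forge a second log entry. It assumes commons-lang 2.x on the classpath; the method names and the sample username are constructed.

```java
import org.apache.commons.lang.StringEscapeUtils;

// Added example (not from the original post): escapeJava as a log-line sanitiser.
public class LogLineDemo {

    // Wraps an untrusted value in quotes and escapes it so that newlines, tabs,
    // other control characters and non-ASCII text appear as visible \n, \t, \uXXXX
    // sequences instead of raw bytes that a log viewer would interpret.
    static String safeLogValue(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        return "\"" + StringEscapeUtils.escapeJava(untrusted) + "\"";
    }

    static String loginFailureLine(String username) {
        return "login failed for user=" + safeLogValue(username);
    }

    public static void main(String[] args) {
        // Constructed input: a CRLF inside the value would otherwise start a new line
        // in the log file that looks like a separate, successful event.
        String username = "bob\r\nlogin ok for user=admin";
        System.out.println(loginFailureLine(username));
        // login failed for user="bob\r\nlogin ok for user=admin"   (single line)

        // Non-ASCII text is preserved as \uXXXX and decodes back without loss,
        // which is why the post's unescapeJava round-trip returns the original.
        String cjk = "中国";
        String escaped = StringEscapeUtils.escapeJava(cjk);       // \u4E2D\u56FD
        System.out.println(escaped + " -> " + StringEscapeUtils.unescapeJava(escaped));
    }
}
```

The quotes around the value let a reader tell where untrusted data starts and ends; escapeJava also escapes embedded double quotes, so the boundary cannot be spoofed from inside the value.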