When SQL is assembled by string concatenation, parameters supplied from outside are spliced directly into the statement text. If such a parameter contains SQL keywords or special characters, an attacker can use it to inject SQL fragments that delete or steal data. One common input filter is a regular expression that rejects values containing SQL keywords.
SQL keyword check regular expression
\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\b|(\*|;|\+|'|%)
Java Language
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Checks whether the value contains SQL injection keywords; returns true if it does.
 * @param obj the external parameter to check (converted with toString())
 * @return true when an SQL keyword or special character is found
 */
public static boolean containsSqlInjection(Object obj) {
    Pattern pattern = Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)");
    Matcher matcher = pattern.matcher(obj.toString());
    // find() looks for the pattern anywhere in the string, not only at the start
    return matcher.find();
}
Unit Testing
import static org.junit.Assert.assertEquals;
import org.junit.Test;

@Test
public void testContainsSqlInjection() {
    boolean b1 = containsSqlInjection("and nm=1");
    assertEquals("b1 is not true", true, b1);
    boolean b2 = containsSqlInjection("niamsh delete from ");
    assertEquals("b2 is not true", true, b2);
    // "and" inside "stand" is not a whole word, so it must not be flagged
    boolean b3 = containsSqlInjection("stand");
    assertEquals("b3 is not false", false, b3);
    boolean b4 = containsSqlInjection("and");
    assertEquals("b4 is not true", true, b4);
    // the '%' special character alone is enough to flag the value
    boolean b5 = containsSqlInjection("niasdm%asjdj");
    assertEquals("b5 is not true", true, b5);
}
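The following is an added example, not code from the original post. It reuses the post's keyword list but compiles it with Pattern.CASE_INSENSITIVE, because the pattern as written only matches lower-case keywords. It runs the check over constructed sample values to show the true positives from the tests above alongside ordinary user data that the keyword list also rejects (a surname with an apostrophe, the word "Count"), and it includes a parameterized query, since binding values with PreparedStatement is the primary defence and a keyword filter is only an additional input check. The table name "users" and the column names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.regex.Pattern;

public class SqlKeywordCheckDemo {

    // Same keyword list as the post's regular expression, compiled once and
    // case-insensitively so that "SELECT" is treated the same as "select".
    private static final Pattern SQL_KEYWORDS = Pattern.compile(
        "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)",
        Pattern.CASE_INSENSITIVE);

    /** Returns true when the value contains an SQL keyword or special character. */
    public static boolean containsSqlKeyword(Object value) {
        return value != null && SQL_KEYWORDS.matcher(value.toString()).find();
    }

    /**
     * Looks up a user by name with a bound parameter, so the value is never
     * spliced into the SQL text. Table "users" and its columns are assumed.
     */
    public static String findUserEmail(Connection conn, String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name); // the driver sends the value separately from the statement
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first three mirror the post's unit tests,
        // the rest show how the keyword list behaves on ordinary user data.
        List<String> samples = List.of(
            "and nm=1",           // rejected: keyword "and"
            "niamsh delete from", // rejected: keyword "delete"
            "stand",              // accepted: "and" is not a whole word here
            "SELECT 1",           // rejected only because of CASE_INSENSITIVE
            "O'Brien",            // rejected: apostrophe in a legitimate surname
            "Count Basie",        // rejected: "count" is in the keyword list
            "Oregon");            // accepted: "or" is not a whole word here
        for (String s : samples) {
            System.out.printf("%-22s -> %s%n", s, containsSqlKeyword(s) ? "rejected" : "accepted");
        }
    }
}
```

Run the main method to see which sample values the filter rejects. The two false positives show why a keyword filter should not be the only control: values such as names and free text legitimately contain apostrophes and words like "count", while findUserEmail stays safe for any input because the value is bound rather than concatenated.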
Summary
The above is the regular expression for checking SQL keywords in external parameters, together with the Java implementation and its unit test. I hope it is helpful to everyone. If you have any questions, please leave a message and I will reply as soon as possible.