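package com.pannk.mms.common.filters;

import com.pannk.mms.common.exception.BaseException;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;

/**
 * Created by wolf on 20-11-6.
 *
 * <p>Best-effort denylist filter for strings that are spliced into SQL text (for example a
 * sort column that cannot be bound as a statement parameter). It is a defence-in-depth measure
 * only: a denylist cannot enumerate every way SQL can be injected, so any value that can be
 * bound must still go through {@code PreparedStatement} parameters rather than through this
 * filter.
 */
public class SQLFilter {

    /** Substrings that cause the input to be rejected; compared against the lower-cased value. */
    private static final String[] KEYWORDS = {
        "master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"
    };

    /**
     * Strips {@code '}, {@code "}, {@code ;} and {@code \} from {@code str}, lower-cases it and
     * rejects it if it still contains any of {@link #KEYWORDS}.
     *
     * <p>The keyword match is a plain substring test, so legitimate values such as
     * {@code "webmaster"} or {@code "updated_at"} are rejected as well.
     *
     * @param str the untrusted input; may be {@code null}
     * @return {@code null} if {@code str} is blank, otherwise the stripped, lower-cased value
     * @throws BaseException if the stripped value contains a denylisted keyword
     */
    public static String sqlInject(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        // Remove quote, statement-terminator and escape characters.
        String cleaned = StringUtils.replace(str, "'", "");
        cleaned = StringUtils.replace(cleaned, "\"", "");
        cleaned = StringUtils.replace(cleaned, ";", "");
        cleaned = StringUtils.replace(cleaned, "\\", "");
        // Locale.ROOT keeps the casing independent of the JVM's default locale, so the filter
        // behaves the same on every deployment (a Turkish default locale maps "I" to dotless "ı").
        cleaned = cleaned.toLowerCase(Locale.ROOT);
        for (String keyword : KEYWORDS) {
            if (cleaned.contains(keyword)) {
                throw new BaseException("包含非法字符");
            }
        }
        return cleaned;
    }
}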