📄 sqlfilter.java
package cn.js.fan.db;
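/**
 * String-level helpers for deriving count queries from a SELECT statement and
 * for quoting values that are concatenated into SQL text.
 *
 * <p>Security note: everything in this class works on raw SQL text. The two
 * {@code isValid*} checks are narrow substring denylists and {@link #sqlstr}
 * only doubles single quotes; none of them is a substitute for bind parameters
 * ({@code java.sql.PreparedStatement}). Values that originate outside the
 * application should be bound as parameters rather than passed through these
 * helpers and concatenated.
 */
public class SQLFilter {
    private static final String FROM_KEYWORD = " from ";
    private static final String DISTINCT_KEYWORD = " distinct ";
    private static final String ORDER_BY_KEYWORD = " order by";

    public SQLFilter() {
    }

    /**
     * Builds a {@code select count(...)} statement from a SELECT query.
     *
     * <p>The text from the first {@code " from "} onward is kept, everything from
     * the first {@code " order by"} in that text is dropped, and the select list
     * is replaced by {@code count(*)}, or by {@code count(distinct col)} when the
     * select list starts with {@code distinct col}. Keywords are matched without
     * regard to case and without depending on the default locale; the rest of
     * the statement (identifiers, string literals) keeps its original case so
     * the count runs against the same predicate as the original query.
     *
     * <p>Limitations: only the first token after {@code distinct} is used, and
     * keyword positions are found textually, so a keyword inside a string
     * literal or subquery is not distinguished from a real clause.
     *
     * @param query the SELECT statement, e.g.
     *              {@code select distinct id from table where id=1}
     * @return the derived count statement
     * @throws StringIndexOutOfBoundsException if the query has no {@code " from "}
     */
    public static String getCountSql(String query) {
        int begin = indexOfIgnoreCase(query, FROM_KEYWORD, 0);
        String fromPart = fromClause(query, begin);

        // A count does not need ordering; drop the ORDER BY tail.
        int orderBy = indexOfIgnoreCase(fromPart, ORDER_BY_KEYWORD, 0);
        if (orderBy != -1) {
            fromPart = fromPart.substring(0, orderBy);
        }

        // Only a DISTINCT that sits in the select list (entirely before the first
        // FROM) belongs to this statement; one further right is part of a subquery.
        String distinctColumn = "";
        int distinctAt = indexOfIgnoreCase(query, DISTINCT_KEYWORD, 0);
        if (distinctAt != -1) {
            int columnStart = distinctAt + DISTINCT_KEYWORD.length();
            if (columnStart <= begin) {
                // The space that opens " from " guarantees a terminator at or before begin.
                int columnEnd = query.indexOf(' ', columnStart);
                distinctColumn = query.substring(columnStart, columnEnd);
            }
        }

        if (distinctColumn.isEmpty()) {
            return "select count(*) " + fromPart;
        }
        return "select count(distinct " + distinctColumn + ") " + fromPart;
    }

    /**
     * Reports whether a value is free of the statement separator {@code ;}.
     *
     * <p>This is a single-character denylist intended as a guard against
     * injected statements. It says nothing about quotes, comments or any other
     * SQL syntax in the value, so a {@code true} result does not make the value
     * safe to concatenate into a statement.
     *
     * @param sql the value to inspect
     * @return {@code false} if the value contains {@code ;}, {@code true} otherwise
     */
    public static boolean isValidSqlParam(String sql) {
        return sql.indexOf(';') == -1;
    }

    /**
     * Reports whether a statement is free of the literal sequence {@code ;delete}
     * (matched without regard to case).
     *
     * <p>Only that exact sequence is detected. Treat this as a coarse tripwire,
     * not as validation: other statement types and other spellings are not
     * covered, and the database account's privileges plus bind parameters are
     * the controls that actually limit what a statement can do.
     *
     * @param sql the statement to inspect
     * @return {@code false} if {@code ;delete} occurs in the statement,
     *         {@code true} otherwise
     */
    public static boolean isValidSql(String sql) {
        return indexOfIgnoreCase(sql, ";delete", 0) == -1;
    }

    /**
     * Wraps a value in single quotes for use as a SQL string literal, doubling
     * every single quote inside it. {@code null} and blank values become the
     * empty literal {@code ''}.
     *
     * <p>Quote doubling covers the standard SQL literal syntax only. On a
     * database or connection mode that also treats backslash as an escape
     * character inside literals, it is not sufficient on its own; prefer bind
     * parameters for any value that is not a compile-time constant.
     *
     * @param str the raw value, may be {@code null}
     * @return the quoted literal
     */
    public static String sqlstr(String str) {
        if (str == null || str.trim().isEmpty()) {
            return "''";
        }
        return "'" + replace(str, "'", "''") + "'";
    }

    /**
     * Returns the part of a statement that starts at the first {@code " from "}
     * (keyword included), trimmed. The keyword is matched without regard to
     * case and the returned text keeps the statement's original case.
     *
     * @param query the SELECT statement
     * @return the text from {@code from} to the end of the statement
     * @throws StringIndexOutOfBoundsException if the query has no {@code " from "}
     */
    public static String getFromSql(String query) {
        return fromClause(query, indexOfIgnoreCase(query, FROM_KEYWORD, 0));
    }

    /**
     * Replaces every occurrence of {@code strFrom} in {@code strSource} with
     * {@code strTo}, scanning left to right without rescanning inserted text.
     *
     * <p>A {@code null} or blank source is returned unchanged (blank sources
     * were never rewritten by this method and callers may rely on that). A
     * {@code null} or empty {@code strFrom} also returns the source unchanged:
     * an empty search string matches at every position and would otherwise
     * never terminate.
     *
     * @param strSource the text to search, may be {@code null}
     * @param strFrom   the substring to replace
     * @param strTo     the replacement text
     * @return the text with all occurrences replaced
     */
    public static String replace(String strSource, String strFrom, String strTo) {
        // The null test must come first; dereferencing before it defeats the guard.
        if (strSource == null || strSource.trim().isEmpty()) {
            return strSource;
        }
        if (strFrom == null || strFrom.isEmpty()) {
            return strSource;
        }
        StringBuilder dest = new StringBuilder(strSource.length() + 16);
        int start = 0;
        int pos;
        while ((pos = strSource.indexOf(strFrom, start)) != -1) {
            dest.append(strSource, start, pos).append(strTo);
            start = pos + strFrom.length();
        }
        dest.append(strSource, start, strSource.length());
        return dest.toString();
    }

    /** Returns the trimmed tail of {@code query} starting at {@code begin}, or fails if {@code begin} is -1. */
    private static String fromClause(String query, int begin) {
        if (begin == -1) {
            // Same exception type the unchecked substring call used to raise, with a usable message.
            throw new StringIndexOutOfBoundsException("query has no \" from \" clause");
        }
        return query.substring(begin).trim();
    }

    /** Locale-independent, case-insensitive {@code indexOf}; returns -1 when {@code keyword} is absent. */
    private static int indexOfIgnoreCase(String text, String keyword, int fromIndex) {
        int last = text.length() - keyword.length();
        for (int i = Math.max(fromIndex, 0); i <= last; i++) {
            if (text.regionMatches(true, i, keyword, 0, keyword.length())) {
                return i;
            }
        }
        return -1;
    }
}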