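package com.ruoyi.common.utils.sql;

import com.ruoyi.common.utils.StringUtils;

/**
 * SQL operation tool class.
 *
 * <p>Guards dynamically built {@code ORDER BY} fragments against SQL injection by
 * accepting only a fixed whitelist of characters (letters, digits, underscore,
 * space and comma), so multi-column sorting such as {@code "id desc, name asc"}
 * still passes. The check is purely lexical: it keeps out quotes, semicolons,
 * comment markers and parentheses, but it does not verify that the named
 * columns exist or that the keywords are valid. Callers that need that
 * guarantee must additionally validate against a known column list.
 *
 * @author ruoyi
 */
public class SqlUtil {
    /**
     * Only supports letters, digits, underscore, space and comma
     * (supports multiple field sorting).
     *
     * <p>Declared {@code final} so the whitelist cannot be reassigned at runtime;
     * a mutable public static would let any code holding this class widen the
     * injection guard.
     */
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,]+";

    /**
     * {@link #SQL_PATTERN} compiled once; {@code String.matches} recompiles the
     * regex on every call, and this method sits on every paginated list query.
     */
    private static final java.util.regex.Pattern ORDER_BY_PATTERN =
            java.util.regex.Pattern.compile(SQL_PATTERN);

    /**
     * Check the characters of an {@code ORDER BY} fragment to prevent injection bypass.
     *
     * @param value the raw order-by fragment, may be {@code null}
     * @return {@code value} unchanged when it is {@code null}, empty, or consists only
     *         of whitelisted characters; the empty string when it is non-empty and
     *         contains any character outside {@link #SQL_PATTERN}
     */
    public static String escapeOrderBySql(String value) {
        if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
            // Discard the whole fragment rather than attempt to sanitize it:
            // an unsorted result is safer than a partially rewritten clause.
            return StringUtils.EMPTY;
        }
        return value;
    }

    /**
     * Verify whether an {@code ORDER BY} fragment complies with {@link #SQL_PATTERN}.
     *
     * <p>The whole string must match (anchored, not a substring search), so a single
     * disallowed character anywhere in the value rejects it.
     *
     * @param value the fragment to check, may be {@code null}
     * @return {@code true} if {@code value} is non-null, non-empty and made solely of
     *         whitelisted characters; {@code false} otherwise, including for
     *         {@code null} (which the original implementation rejected with a
     *         {@link NullPointerException})
     */
    public static boolean isValidOrderBySql(String value) {
        return value != null && ORDER_BY_PATTERN.matcher(value).matches();
    }
}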
RuoYi's encapsulated SqlUtil [order by: preventing SQL injection and validating order by syntax rules]
Origin blog.csdn.net/snowing1997/article/details/131720372