Python/C++(QT/MFC)/JAVA/C# SQL注入防呆函數



資料來源: https://www.cnblogs.com/xu-yi/p/10587889.html [最初C#]。注意：以下各語言版本都只是關鍵字／字元黑名單過濾，並非可靠的 SQL 注入防護——它對每個關鍵字只掃描一次（例如 "selselectect" 過濾後仍得到 "select"），而且會破壞含有關鍵字的正常資料（例如 "Andrew" 會變成 "rew"）。正規作法是使用參數化查詢（預備語句、綁定參數），不要把使用者輸入拼接進 SQL 字串。


AI 模仿: Copilot


C#（原文版本；此處原標題「純C++」有誤，以下程式碼實為 C#，與下方「C#」區塊相同）

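// Single characters removed before the keyword passes.
private static readonly string[] SqlCharsToRemove =
    { "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$" };

// Keyword passes, applied in exactly this order.  Order matters: a later pass can
// match text that an earlier pass exposed ("aupdatend" -> "and" after the "update"
// pass -> "" after the second "and" pass), so the repeated "and", "truncate" and
// "mid" entries are NOT redundant and must be kept.
private static readonly string[] SqlKeywords =
{
    "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
    "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
    "-", "delete", "drop", "script", "update", "and", "chr", "master", "truncate", "declare", "mid"
};

// Compiled once instead of on every call.  Regex.Escape keeps each keyword literal;
// CultureInvariant makes the case-insensitive match independent of the thread culture
// (with a culture such as tr-TR, plain IgnoreCase can fail to match "INSERT" against
// "insert" because of the dotted/dotless i mapping).
private static readonly Regex[] SqlKeywordPatterns = Array.ConvertAll(
    SqlKeywords,
    k => new Regex(Regex.Escape(k), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant));

/// <summary>
/// Strips a fixed blacklist of characters and SQL keywords from <paramref name="str"/>.
/// </summary>
/// <remarks>
/// SECURITY NOTE: this is NOT SQL-injection protection and must not be relied on as such.
/// It is a single-pass keyword blacklist, so a keyword that reappears once its inner copy
/// is removed survives ("selselectect" -> "select"), and it mangles legitimate data that
/// happens to contain a keyword ("Andrew" -> "rew", "Password" -> "Passwd").  Use
/// parameterized commands (SqlParameter / "@p" placeholders) instead; this method is kept
/// only for compatibility with existing callers.
/// </remarks>
/// <param name="str">Input text; <c>null</c> is treated like the empty string.</param>
/// <returns><paramref name="str"/> with every blacklisted character and keyword removed.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original compared against String.Empty only, so a null argument threw
    // NullReferenceException on the first Replace; treat null like "".
    if (string.IsNullOrEmpty(str))
        return string.Empty;

    foreach (string c in SqlCharsToRemove)
        str = str.Replace(c, "");

    foreach (Regex pattern in SqlKeywordPatterns)
        str = pattern.Replace(str, "");

    return str;
}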


JAVA

import java.util.regex.Pattern;
import java.util.regex.Matcher;

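public class SQLCharReplacer {
    /** Single characters removed before the keyword passes. */
    private static final String[] CHARS_TO_REMOVE =
        {"'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$"};

    /**
     * Keyword passes in the exact order of the C# original, duplicates included.
     * Order matters: a later pass can match text exposed by an earlier one
     * ("aupdatend" becomes "and" after the "update" pass and "" after the second
     * "and" pass), so the repeated "and", "truncate" and "mid" entries are not
     * redundant. The earlier port had dropped them and so diverged from the original.
     */
    private static final String[] KEYWORDS = {
        "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
        "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
        "-", "delete", "drop", "script", "update", "and", "chr", "master", "truncate", "declare", "mid"
    };

    /** Compiled once; {@link Pattern#quote} keeps every keyword literal rather than a regex. */
    private static final Pattern[] KEYWORD_PATTERNS = compileLiteral(KEYWORDS);

    /** Compiles each word as a literal, case-insensitive pattern. */
    private static Pattern[] compileLiteral(String[] words) {
        Pattern[] compiled = new Pattern[words.length];
        for (int i = 0; i < words.length; i++) {
            compiled[i] = Pattern.compile(Pattern.quote(words[i]), Pattern.CASE_INSENSITIVE);
        }
        return compiled;
    }

    /**
     * Strips a fixed blacklist of characters and SQL keywords from {@code str}.
     *
     * <p><b>Security note:</b> this is NOT SQL-injection protection and must not be relied
     * on as such. It is a single-pass keyword blacklist, so a keyword that reappears once
     * its inner copy is removed survives ({@code "selselectect"} becomes {@code "select"}),
     * and it mangles legitimate data that happens to contain a keyword ({@code "Andrew"}
     * becomes {@code "rew"}, {@code "Password"} becomes {@code "Passwd"}). Use
     * {@code PreparedStatement} with {@code ?} placeholders instead; this method exists only
     * to mirror the C# original.
     *
     * @param str input text; {@code null} is treated like the empty string (the earlier
     *     port threw {@code NullPointerException} on {@code null})
     * @return {@code str} with every blacklisted character and keyword removed, in order
     */
    public static String replaceSQLChar(String str) {
        if (str == null || str.isEmpty()) {
            return "";
        }

        for (String c : CHARS_TO_REMOVE) {
            str = str.replace(c, "");
        }

        for (Pattern pattern : KEYWORD_PATTERNS) {
            str = pattern.matcher(str).replaceAll("");
        }

        return str;
    }
}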


C#

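// Single characters removed before the keyword passes.
private static readonly string[] SqlCharsToRemove =
    { "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$" };

// Keyword passes, applied in exactly this order.  Order matters: a later pass can
// match text that an earlier pass exposed ("aupdatend" -> "and" after the "update"
// pass -> "" after the second "and" pass), so the repeated "and", "truncate" and
// "mid" entries are NOT redundant and must be kept.
private static readonly string[] SqlKeywords =
{
    "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
    "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
    "-", "delete", "drop", "script", "update", "and", "chr", "master", "truncate", "declare", "mid"
};

// Compiled once instead of on every call.  Regex.Escape keeps each keyword literal;
// CultureInvariant makes the case-insensitive match independent of the thread culture
// (with a culture such as tr-TR, plain IgnoreCase can fail to match "INSERT" against
// "insert" because of the dotted/dotless i mapping).
private static readonly Regex[] SqlKeywordPatterns = Array.ConvertAll(
    SqlKeywords,
    k => new Regex(Regex.Escape(k), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant));

/// <summary>
/// Strips a fixed blacklist of characters and SQL keywords from <paramref name="str"/>.
/// </summary>
/// <remarks>
/// SECURITY NOTE: this is NOT SQL-injection protection and must not be relied on as such.
/// It is a single-pass keyword blacklist, so a keyword that reappears once its inner copy
/// is removed survives ("selselectect" -> "select"), and it mangles legitimate data that
/// happens to contain a keyword ("Andrew" -> "rew", "Password" -> "Passwd").  Use
/// parameterized commands (SqlParameter / "@p" placeholders) instead; this method is kept
/// only for compatibility with existing callers.
/// </remarks>
/// <param name="str">Input text; <c>null</c> is treated like the empty string.</param>
/// <returns><paramref name="str"/> with every blacklisted character and keyword removed.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original compared against String.Empty only, so a null argument threw
    // NullReferenceException on the first Replace; treat null like "".
    if (string.IsNullOrEmpty(str))
        return string.Empty;

    foreach (string c in SqlCharsToRemove)
        str = str.Replace(c, "");

    foreach (Regex pattern in SqlKeywordPatterns)
        str = pattern.Replace(str, "");

    return str;
}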


MFC

#include <afxstr.h>

#include <regex>
#include <string>
#include <vector>

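// Single characters removed before the keyword passes.  The C# original also strips
// '(', ')' and '#'; the earlier MFC port had dropped them, so they are restored here.
static const TCHAR kSqlCharsToRemove[] = _T("';,?<>()@=+*&#%$");

// Keyword passes in the exact order of the C# original, duplicates included.
// Order matters: a later pass can match text exposed by an earlier one
// ("aupdatend" -> "and" after the "update" pass -> "" after the second "and" pass),
// so the repeated "and", "truncate" and "mid" entries are not redundant.
// None of these contain regex metacharacters ("-" is literal outside a character class).
static const wchar_t* const kSqlKeywords[] = {
    L"select", L"insert", L"delete from", L"count", L"drop table", L"truncate", L"asc", L"mid", L"char",
    L"xp_cmdshell", L"exec master", L"net localgroup administrators", L"and", L"net user", L"or", L"net",
    L"-", L"delete", L"drop", L"script", L"update", L"and", L"chr", L"master", L"truncate", L"declare", L"mid"
};

// Patterns compiled once on first use instead of on every call.
static const std::vector<std::wregex>& SqlKeywordPatterns() {
    static const std::vector<std::wregex> patterns = [] {
        std::vector<std::wregex> compiled;
        for (const wchar_t* keyword : kSqlKeywords)
            compiled.emplace_back(keyword, std::regex_constants::icase);
        return compiled;
    }();
    return patterns;
}

// Strips a fixed blacklist of characters and SQL keywords from str.
//
// SECURITY NOTE: this is NOT SQL-injection protection and must not be relied on as such.
// It is a single-pass keyword blacklist, so a keyword that reappears once its inner copy
// is removed survives ("selselectect" -> "select"), and it mangles legitimate data that
// happens to contain a keyword ("Andrew" -> "rew").  Use parameterised queries (bound
// parameters) instead; this function only mirrors the C# original it ports.
//
// str: input text; an empty string yields an empty string.
// Returns str with every blacklisted character and keyword removed, in order.
CString ReplaceSQLChar(CString str) {
    if (str.IsEmpty())
        return _T("");

    for (const TCHAR* c = kSqlCharsToRemove; *c != _T('\0'); ++c)
        str.Remove(*c);

    // Go through an explicit wide string: std::wregex needs wchar_t, and the previous
    // (LPCTSTR) cast only compiled in _UNICODE builds.
    CStringW wide(static_cast<LPCTSTR>(str));
    std::wstring text(wide.GetString(), wide.GetLength());
    for (const std::wregex& pattern : SqlKeywordPatterns())
        text = std::regex_replace(text, pattern, L"");

    return CString(text.c_str());
}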


QT

#include <QList>
#include <QRegularExpression>
#include <QString>
#include <QStringList>

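// Single characters removed before the keyword passes (function-local static so the
// QStringList is built on first use, not at static-initialisation time).
static const QStringList& sqlCharsToRemove() {
    static const QStringList chars =
        {"'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$"};
    return chars;
}

// Keyword passes in the exact order of the C# original, duplicates included.
// Order matters: a later pass can match text exposed by an earlier one
// ("aupdatend" -> "and" after the "update" pass -> "" after the second "and" pass),
// so the repeated "and", "truncate" and "mid" entries are not redundant.
static const char* const kSqlKeywords[] = {
    "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
    "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
    "-", "delete", "drop", "script", "update", "and", "chr", "master", "truncate", "declare", "mid"
};

// Patterns compiled once on first use; QRegularExpression::escape keeps each keyword literal.
static const QList<QRegularExpression>& sqlKeywordPatterns() {
    static const QList<QRegularExpression> patterns = [] {
        QList<QRegularExpression> compiled;
        for (const char* keyword : kSqlKeywords)
            compiled.append(QRegularExpression(QRegularExpression::escape(QString::fromLatin1(keyword)),
                                               QRegularExpression::CaseInsensitiveOption));
        return compiled;
    }();
    return patterns;
}

// Strips a fixed blacklist of characters and SQL keywords from str.
//
// SECURITY NOTE: this is NOT SQL-injection protection and must not be relied on as such.
// It is a single-pass keyword blacklist, so a keyword that reappears once its inner copy
// is removed survives ("selselectect" -> "select"), and it mangles legitimate data that
// happens to contain a keyword ("Andrew" -> "rew").  Use QSqlQuery::prepare() with
// bindValue()/addBindValue() instead; this function only mirrors the C# original it ports.
//
// str: input text; an empty (or null) QString yields an empty string.
// Returns str with every blacklisted character and keyword removed, in order.
QString ReplaceSQLChar(QString str) {
    if (str.isEmpty())
        return "";

    for (const QString &c : sqlCharsToRemove())
        str.replace(c, "");

    for (const QRegularExpression &pattern : sqlKeywordPatterns())
        str.replace(pattern, "");

    return str;
}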


Python

import re

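# Single characters removed before the keyword passes.
_SQL_CHARS_TO_REMOVE = ["'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$"]

# Keyword passes in the exact order of the C# original, duplicates included.
# Order matters: a later pass can match text exposed by an earlier one
# ("aupdatend" -> "and" after the "update" pass -> "" after the second "and" pass),
# so the repeated "and", "truncate" and "mid" entries are not redundant.  The earlier
# port had dropped them and so diverged from the original.
_SQL_KEYWORDS = [
    "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
    "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
    "-", "delete", "drop", "script", "update", "and", "chr", "master", "truncate", "declare", "mid",
]

# Compiled once; re.escape keeps each keyword literal rather than treating it as a regex.
_SQL_KEYWORD_RES = [re.compile(re.escape(keyword), re.IGNORECASE) for keyword in _SQL_KEYWORDS]


def replace_sql_char(s):
    """Strip a fixed blacklist of characters and SQL keywords from ``s``.

    SECURITY NOTE: this is NOT SQL-injection protection and must not be relied on
    as such.  It is a single-pass keyword blacklist, so a keyword that reappears
    once its inner copy is removed survives (``"selselectect"`` -> ``"select"``),
    and it mangles legitimate data that happens to contain a keyword
    (``"Andrew"`` -> ``"rew"``, ``"Password"`` -> ``"Passwd"``).  Use your DB-API
    driver's parameter binding (``cursor.execute(sql, params)``) instead; this
    function only mirrors the C# original it ports.

    Args:
        s: input text; ``None`` or ``""`` yields ``""``.

    Returns:
        ``s`` with every blacklisted character and keyword removed, in order.
    """
    if not s:
        return ""

    for ch in _SQL_CHARS_TO_REMOVE:
        s = s.replace(ch, "")

    for keyword_re in _SQL_KEYWORD_RES:
        s = keyword_re.sub("", s)

    return s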
