Python/C++(QT/MFC)/JAVA/C# SQL注入防呆函數
Python/C++(QT/MFC)/JAVA/C# SQL注入防呆函數
資料來源: https://www.cnblogs.com/xu-yi/p/10587889.html [最初C#]
AI 模仿: Copilot
純C++
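/// <summary>
/// Strips a fixed blacklist of SQL-looking characters and keywords from <paramref name="str"/>.
/// </summary>
/// <remarks>
/// This is NOT a substitute for parameterized queries (bind user input through
/// <c>SqlCommand.Parameters</c> or the equivalent in your data-access layer): a blacklist
/// cannot be complete, and the removal is lossy for ordinary text ("Android" becomes "roid",
/// "Oregon" becomes "egon"). If this helper is kept at all, treat it as an extra layer, never
/// as the control that makes a query safe.
///
/// The keyword pass repeats until the text stops changing, because deleting one token can
/// splice the remaining characters into another listed token that a single pass leaves behind
/// (the original list ran "and", "truncate" and "mid" twice for the same reason; the loop makes
/// that unnecessary).
/// </remarks>
/// <param name="str">Text to clean; <c>null</c> is treated like an empty string.</param>
/// <returns>The text with every listed character and keyword removed; never <c>null</c>.</returns>
public static string ReplaceSQLChar(string str)
{
    if (string.IsNullOrEmpty(str))
        return string.Empty;

    // Single characters first. Later passes only delete text, so none of these can reappear.
    string[] charsToRemove = { "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$" };
    foreach (string c in charsToRemove)
        str = str.Replace(c, string.Empty);

    // Keyword blacklist in the original order. Each entry is matched literally (Regex.Escape)
    // and case-insensitively, so "-" or any future entry is never interpreted as regex syntax.
    string[] keywords =
    {
        "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
        "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
        "-", "delete", "drop", "script", "update", "chr", "master", "declare"
    };

    // Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
    string previous;
    do
    {
        previous = str;
        foreach (string keyword in keywords)
            str = Regex.Replace(str, Regex.Escape(keyword), string.Empty, RegexOptions.IgnoreCase);
    } while (str != previous);

    return str;
}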
JAVA
import java.util.regex.Pattern;
import java.util.regex.Matcher;
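public class SQLCharReplacer {

    /** Characters deleted outright, in the original order. */
    private static final String[] CHARS_TO_REMOVE = {
        "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$"
    };

    /**
     * Keyword blacklist, compiled once instead of on every call. {@code LITERAL} makes "-" and any
     * future entry match verbatim instead of as regex syntax; {@code CASE_INSENSITIVE} mirrors the
     * original {@code "(?i)"} prefix.
     */
    private static final Pattern[] KEYWORDS = compileLiterals(
        "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
        "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
        "-", "delete", "drop", "script", "update", "chr", "master", "declare");

    /**
     * Strips a fixed blacklist of SQL-looking characters and keywords from {@code str}.
     *
     * <p>This is <em>not</em> a substitute for {@code PreparedStatement} with {@code ?} placeholders:
     * a blacklist cannot be complete, and the removal is lossy for ordinary text ("Android" becomes
     * "roid", "Oregon" becomes "egon"). Bind user input as parameters and treat this helper, if it is
     * kept at all, as an extra layer rather than the control that makes a query safe.
     *
     * <p>The keyword pass repeats until the text stops changing, because deleting one token can
     * splice the remaining characters into another listed token that a single pass would leave behind.
     *
     * @param str text to clean; {@code null} is treated like an empty string
     * @return the text with every listed character and keyword removed, never {@code null}
     */
    public static String replaceSQLChar(String str) {
        if (str == null || str.isEmpty()) {
            return "";
        }
        // Characters first. Later passes only delete text, so none of these can reappear.
        for (String c : CHARS_TO_REMOVE) {
            str = str.replace(c, "");
        }
        // Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
        String previous;
        do {
            previous = str;
            for (Pattern keyword : KEYWORDS) {
                str = keyword.matcher(str).replaceAll("");
            }
        } while (!str.equals(previous));
        return str;
    }

    /** Compiles each word as a literal, case-insensitive pattern, preserving order. */
    private static Pattern[] compileLiterals(String... words) {
        Pattern[] compiled = new Pattern[words.length];
        for (int i = 0; i < words.length; i++) {
            compiled[i] = Pattern.compile(words[i], Pattern.LITERAL | Pattern.CASE_INSENSITIVE);
        }
        return compiled;
    }
}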
C#
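/// <summary>
/// Strips a fixed blacklist of SQL-looking characters and keywords from <paramref name="str"/>.
/// </summary>
/// <remarks>
/// This is NOT a substitute for parameterized queries (bind user input through
/// <c>SqlCommand.Parameters</c> or the equivalent in your data-access layer): a blacklist
/// cannot be complete, and the removal is lossy for ordinary text ("Android" becomes "roid",
/// "Oregon" becomes "egon"). If this helper is kept at all, treat it as an extra layer, never
/// as the control that makes a query safe.
///
/// The keyword pass repeats until the text stops changing, because deleting one token can
/// splice the remaining characters into another listed token that a single pass leaves behind
/// (the original list ran "and", "truncate" and "mid" twice for the same reason; the loop makes
/// that unnecessary).
/// </remarks>
/// <param name="str">Text to clean; <c>null</c> is treated like an empty string.</param>
/// <returns>The text with every listed character and keyword removed; never <c>null</c>.</returns>
public static string ReplaceSQLChar(string str)
{
    if (string.IsNullOrEmpty(str))
        return string.Empty;

    // Single characters first. Later passes only delete text, so none of these can reappear.
    string[] charsToRemove = { "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$" };
    foreach (string c in charsToRemove)
        str = str.Replace(c, string.Empty);

    // Keyword blacklist in the original order. Each entry is matched literally (Regex.Escape)
    // and case-insensitively, so "-" or any future entry is never interpreted as regex syntax.
    string[] keywords =
    {
        "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
        "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
        "-", "delete", "drop", "script", "update", "chr", "master", "declare"
    };

    // Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
    string previous;
    do
    {
        previous = str;
        foreach (string keyword in keywords)
            str = Regex.Replace(str, Regex.Escape(keyword), string.Empty, RegexOptions.IgnoreCase);
    } while (str != previous);

    return str;
}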
MFC
#include <afxstr.h>
#include <regex>
#include <string>
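// Strips a fixed blacklist of SQL-looking characters and keywords from str.
//
// This is NOT a substitute for parameterized queries (bind user input through the
// database API's parameter mechanism): a blacklist cannot be complete, and the removal
// is lossy for ordinary text ("Android" becomes "roid", "Oregon" becomes "egon").
// If this helper is kept at all, treat it as an extra layer, never as the control
// that makes a query safe.
//
// The keyword pass repeats until the text stops changing, because deleting one token
// can splice the remaining characters into another listed token that a single pass
// would leave behind.
//
// Everything is built on TCHAR so the same code compiles in both UNICODE and MBCS
// builds; the original cast LPCTSTR to a wchar_t regex, which only compiles under UNICODE.
//
// str: text to clean. Returns the cleaned text (empty for empty input).
CString ReplaceSQLChar(CString str) {
    typedef std::basic_string<TCHAR> tstring;
    typedef std::basic_regex<TCHAR> tregex;

    if (str.IsEmpty())
        return _T("");

    // Same character set as the other language versions of this helper;
    // "(", ")" and "#" were missing from this one.
    static const TCHAR charsToRemove[] = _T("';,?<>()@=+*&#%$");
    for (const TCHAR *p = charsToRemove; *p != _T('\0'); ++p) {
        str.Remove(*p);
    }

    // Keyword blacklist in the original order, compiled once. Every entry is
    // literal-safe as a regex (no metacharacters), so no escaping is needed.
    static const tregex patterns[] = {
        tregex(_T("select"), std::regex_constants::icase),
        tregex(_T("insert"), std::regex_constants::icase),
        tregex(_T("delete from"), std::regex_constants::icase),
        tregex(_T("count"), std::regex_constants::icase),
        tregex(_T("drop table"), std::regex_constants::icase),
        tregex(_T("truncate"), std::regex_constants::icase),
        tregex(_T("asc"), std::regex_constants::icase),
        tregex(_T("mid"), std::regex_constants::icase),
        tregex(_T("char"), std::regex_constants::icase),
        tregex(_T("xp_cmdshell"), std::regex_constants::icase),
        tregex(_T("exec master"), std::regex_constants::icase),
        tregex(_T("net localgroup administrators"), std::regex_constants::icase),
        tregex(_T("and"), std::regex_constants::icase),
        tregex(_T("net user"), std::regex_constants::icase),
        tregex(_T("or"), std::regex_constants::icase),
        tregex(_T("net"), std::regex_constants::icase),
        tregex(_T("-"), std::regex_constants::icase),
        tregex(_T("delete"), std::regex_constants::icase),
        tregex(_T("drop"), std::regex_constants::icase),
        tregex(_T("script"), std::regex_constants::icase),
        tregex(_T("update"), std::regex_constants::icase),
        tregex(_T("chr"), std::regex_constants::icase),
        tregex(_T("master"), std::regex_constants::icase),
        tregex(_T("declare"), std::regex_constants::icase)
    };

    // Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
    tstring current(str.GetString());
    tstring previous;
    do {
        previous = current;
        for (const tregex &pattern : patterns) {
            current = std::regex_replace(current, pattern, _T(""));
        }
    } while (current != previous);

    return CString(current.c_str());
}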
QT
#include <QString>
#include <QRegularExpression>
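// Strips a fixed blacklist of SQL-looking characters and keywords from str.
//
// This is NOT a substitute for parameterized queries (QSqlQuery::prepare with
// bound values): a blacklist cannot be complete, and the removal is lossy for
// ordinary text ("Android" becomes "roid", "Oregon" becomes "egon"). If this
// helper is kept at all, treat it as an extra layer, never as the control that
// makes a query safe.
//
// The keyword pass repeats until the text stops changing, because deleting one
// token can splice the remaining characters into another listed token that a
// single pass would leave behind.
//
// str: text to clean. Returns the cleaned text (empty for empty input).
QString ReplaceSQLChar(QString str) {
    if (str.isEmpty())
        return QString();

    // Characters first. Later passes only delete text, so none of these can reappear.
    static const QStringList charsToRemove = {
        "'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$"
    };
    for (const QString &c : charsToRemove) {
        str.remove(c);
    }

    // Keyword blacklist in the original order, compiled once instead of per call.
    // Every entry is literal-safe as a regex (no metacharacters).
    static const QRegularExpression patterns[] = {
        QRegularExpression("select", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("insert", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("delete from", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("count", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("drop table", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("truncate", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("asc", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("mid", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("char", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("xp_cmdshell", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("exec master", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("net localgroup administrators", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("and", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("net user", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("or", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("net", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("-", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("delete", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("drop", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("script", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("update", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("chr", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("master", QRegularExpression::CaseInsensitiveOption),
        QRegularExpression("declare", QRegularExpression::CaseInsensitiveOption)
    };

    // Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
    QString previous;
    do {
        previous = str;
        for (const QRegularExpression &pattern : patterns) {
            str.replace(pattern, QString());
        }
    } while (str != previous);

    return str;
}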
Python
import re
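# Characters deleted outright, in the original order.
_CHARS_TO_REMOVE = ("'", ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$")

# Keyword blacklist in the original order, compiled once. re.escape makes "-" and any
# future entry match verbatim instead of as regex syntax; IGNORECASE mirrors the original.
_KEYWORDS = [
    re.compile(re.escape(word), re.IGNORECASE)
    for word in (
        "select", "insert", "delete from", "count", "drop table", "truncate", "asc", "mid", "char",
        "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "net",
        "-", "delete", "drop", "script", "update", "chr", "master", "declare",
    )
]


def replace_sql_char(s):
    """Strip a fixed blacklist of SQL-looking characters and keywords from ``s``.

    This is NOT a substitute for parameterized queries (pass values through the DB-API
    ``execute(sql, params)`` placeholders): a blacklist cannot be complete, and the removal
    is lossy for ordinary text ("Android" becomes "roid", "Oregon" becomes "egon"). If this
    helper is kept at all, treat it as an extra layer, never as the control that makes a
    query safe.

    The keyword pass repeats until the text stops changing, because deleting one token can
    splice the remaining characters into another listed token that a single pass would leave
    behind.

    Args:
        s: text to clean; ``None`` or ``""`` yields ``""``.

    Returns:
        The text with every listed character and keyword removed; never ``None``.
    """
    if not s:
        return ""
    # Characters first. Later passes only delete text, so none of these can reappear.
    for char in _CHARS_TO_REMOVE:
        s = s.replace(char, "")
    # Iterate to a fixed point. Every productive pass shortens the string, so this terminates.
    previous = None
    while s != previous:
        previous = s
        for pattern in _KEYWORDS:
            s = pattern.sub("", s)
    return s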