Java中Mysql防止注入攻击
String sql = "select * from users u where u.id = ? and u.password = ?";
preparedstatement ps = connection.preparestatement(sql);
ps.setint(1,id);
ps.setstring(2,pwd);
resultset rs = ps.executequery();
正则表达式过滤:
同时过滤它们的十六进制:
String sql = "select * from users u where u.id = ? and u.password = ?";
