// Field on the action class. isContain is declared static in String_do_judge,
// so the call below resolves on the declared type rather than on this reference.
private String_do_judge judge;

// Goes at the start of the action method: when the value is flagged, stop and
// return the "feifa" result, which the XML mapping sends to /consultation/feifa.jsp.
// NOTE(review): key is presumably the request parameter being screened; confirm
// that every user-supplied parameter of the action passes through this check.
if (judge.isContain(key)) {
    return "feifa";
}
上面这些代码添加到进入action时会执行的方法里面。
java:
package domain.service; /** * * @date 2015年9月22日 13:29:46 * @author yangk 此方法用作判断非法字符串 */ public class String_do_judge { public static boolean isContain(String s1) { String[] s2 = { "|", "&", ";", "$", "%", "@", "\'", "\"", "<", ">", "(", ")", "+", "CR", "LF", ",", ".", "SELECT", "FROM", "UPDATE", "DELETE", "UNION", "WHERE","script","document","eval" }; for (String illegal : s2) { boolean doJudge = s1.equalsIgnoreCase(illegal); if (doJudge == true) { return true; } } return false; } }
jsp:
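<%@ page contentType="text/html;charset=gbk"%>
<%@ taglib uri="webwork" prefix="ww" %>
<%-- Notice page shown for a rejected request: displays a fixed message, then
     returns the browser to the previous page. The markup is static and echoes
     no request data. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gbk" />
<title>芜湖市人民政府政务服务中心</title>
<script language="JavaScript" src="../js/stm31.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript">
  // Either answer to the dialog leads back to the previous page, so the
  // result of confirm() is not inspected.
  confirm("您正在试图非法访问,请重新访问!");
  history.go(-1);
</script>
</head>
<body>
</body>
</html>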
xml:
<!-- Maps the "feifa" result string returned by the action to /consultation/feifa.jsp. -->
<result name="feifa">/consultation/feifa.jsp</result>