Python study notes

1. String filtering method (SQL keyword blacklist):

# LogicError, setting.ERROR and escape_string are not defined in the post; they are
# assumed to come from the author's own project and the MySQL driver (e.g.
# MySQLdb.escape_string), so supply them before running this.
def escape(s):
    # Blacklisted SQL keywords; the trailing space on most entries means a word only
    # matches when it is followed by a space ('select ' but not 'selected').
    keyword = ('select ', 'insert ', 'update ', 'delete ', 'replace ', 'CREATE ', 'DROP ', 'RELOAD ', 'SHUTDOWN ', 'PROCESS ', 'FILE ', 'REFERENCES ', 'INDEX ', 'ALTER ', 'SHOW DATABASES ', 'SUPER ', 'CREATE TEMPORARY TABLES ', 'LOCK TABLES ', 'REPLICATION SLAVE ', 'REPLICATION CLIENT ', 'CREATE VIEW ', 'SHOW VIEW ', 'CREATE ROUTINE ', 'ALTER ROUTINE ', 'EXECUTE ', 'union ', 'load_file ', 'into ', 'outfile ', '--', '%')
    # Case-insensitive check: reject the input if any keyword appears anywhere in it.
    # (The original used map(...).count(True), which only works on Python 2 where map
    # returns a list; any() works on both.)
    if any(k.lower() in s.lower() for k in keyword):
        raise LogicError(setting.ERROR, 'sql inject')
    return escape_string(s)
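As an added example (not code from the post), the post's blacklist rule placed beside the mitigation it is a weak substitute for: binding the value as a query parameter, here with Python's sqlite3 module. The table, its rows and the looked-up names are constructed for the demo.

```python
import sqlite3

# Subset of the post's keyword blacklist (constructed demo, not the post's code).
BLACKLIST = ('select ', 'insert ', 'update ', 'delete ', 'union ', 'into ',
             'outfile ', 'load_file ', '--', '%')


def is_blocked(s):
    """Same rule as the post's escape(): reject input containing any keyword."""
    low = s.lower()
    return any(k.lower() in low for k in BLACKLIST)


def make_db():
    """In-memory SQLite table standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"),
                      ("union station", "user")])
    return conn


def lookup(conn, name):
    """Parameterised lookup: `name` is bound as data, never spliced into SQL text."""
    cur = conn.execute("SELECT name, role FROM users WHERE name = ?", (name,))
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    # Quote and comment characters in the value are compared literally, so the
    # query stays intact without any keyword filtering: no row matches.
    print(lookup(db, "bob' OR 1=1 --"))       # []
    # A legitimate value the blacklist rejects (false positive) is handled
    # correctly by parameter binding.
    print(is_blocked("union station"))        # True
    print(lookup(db, "union station"))        # [('union station', 'user')]
```

The blacklist over-blocks legitimate input while adding nothing the bound parameter does not already provide; keep the keyword check, if at all, as a logging signal rather than the control that protects the query.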


Posted 2013-03-11 16:20 by 欧麦噶地