ruoyi
/
RuoYi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java. 

Signed-off-by: yi-l-i-yi-li <8995991+yi-l-i-yi-li@user.noreply.gitee.com>
This commit is contained in:
yi-l-i-yi-li 2022-08-15 11:18:10 +00:00 committed by Gitee
parent f9da2e5b87
commit c61a805792
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
View File

@ -13,8 +13,9 @@ public class SqlUtil
/** /**
* 定义常用的 sql关键字 * 定义常用的 sql关键字
* 删除管道符 "|"左边的空格空格会导致sql注入 * 删除管道符 "|"左边的空格空格会导致sql注入
* chr |mid |char |and | 去掉空格容易引起误报
*/ */
public static String SQL_REGEX = "select|insert|delete|update|drop|count|exec|chr|mid|master|truncate|char|and|declare"; public static String SQL_REGEX = "select|insert|delete|update|drop|count|exec|chr |mid |master|truncate|char |and |declare";
/** /**
* 仅支持字母数字下划线空格逗号小数点支持多个字段排序 * 仅支持字母数字下划线空格逗号小数点支持多个字段排序