Why isn't your filter method written out completely?
I think it would be better done like this:
public static String filter(String input) {
    // Treat a null input as an empty string.
    if (input == null) {
        input = "";
    }
    StringBuffer filtered = new StringBuffer(input.length());
    char c;
    for (int i = 0; i < input.length(); i++) {
        c = input.charAt(i);
        // Replace the HTML metacharacters with their entities.
        if (c == '<') {
            filtered.append("&lt;");
        } else if (c == '>') {
            filtered.append("&gt;");
        } else if (c == '"') {
            filtered.append("&quot;");
        } else if (c == '&') {
            filtered.append("&amp;");
        } else {
            filtered.append(c);
        }
    }
    // Return only after every character has been processed.
    return filtered.toString();
}
When using it:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws ServletException, IOException {
    String ls_request=?????;
    String filtered_ls_request = filter(ls_request);
    fc.doFilter(request, response);
}
I haven't tried the above; it's for reference only.
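An added example, not part of the original post: the doFilter() above computes an escaped string but still passes the unmodified request down the chain, so downstream code never sees it. One common way to make the escaping take effect is to wrap the request. The class names EscapingFilter and EscapingRequest are hypothetical, and the javax.servlet API is assumed.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical class name; assumes the javax.servlet API is on the classpath.
public class EscapingFilter implements Filter {

    // Same character mapping as the filter() method in the post.
    static String filter(String input) {
        if (input == null) return null;  // keep "parameter absent" distinguishable
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<': out.append("&lt;");   break;
                case '>': out.append("&gt;");   break;
                case '"': out.append("&quot;"); break;
                case '&': out.append("&amp;");  break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Wrapper that escapes parameter values as downstream code reads them.
    static class EscapingRequest extends HttpServletRequestWrapper {
        EscapingRequest(HttpServletRequest request) { super(request); }

        @Override public String getParameter(String name) {
            return filter(super.getParameter(name));
        }

        @Override public String[] getParameterValues(String name) {
            String[] raw = super.getParameterValues(name);
            if (raw == null) return null;
            String[] escaped = new String[raw.length];
            for (int i = 0; i < raw.length; i++) escaped[i] = filter(raw[i]);
            return escaped;
        }
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            request = new EscapingRequest((HttpServletRequest) request);
        }
        fc.doFilter(request, response);  // pass the wrapper, not the original request
    }
}
```

This covers getParameter() and getParameterValues() only; getParameterMap(), headers, cookies and the raw request body are returned unescaped, and the mapping leaves the single quote untouched, so values written into single-quoted HTML attributes still need encoding at output time.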