Write a function and call it:
public static String validString(String in) {
if(in==null){return null;}
else{
try {
in=in.replace('\'',' ');
in=in.replaceAll("<","&lt;");
...
in=in.trim();
return in;
}
catch(Exception e) {
System.out.println(e.toString());
return "null";
}
} }
I agree with the post above; or it would probably be better to write a JavaBean to handle this in one place.
<%
public static String validString(String in) {
if(in==null){return null;}
else{
try {
in=in.replace('\'',' ');
in=in.replaceAll("<","&lt;");
in=in.replaceAll(">","&gt;");
in=in.replaceAll(" ","&nbsp;");
in=in.replaceAll("#_#","#__#");
in=in.replaceAll("\n","<br>");
in=in.replaceAll("<!--newLine-->","");
in=in.trim();
return in;
}
catch(Exception e) {
System.out.println(e.toString());
return "null";
}
}
}
public static String outString(String in) {
if(in==null){return null;}
else{
try {
in=in.replaceAll(" ","&nbsp;");
in=in.replaceAll("#_#","#__#");
in=in.replaceAll("\n","<br>");
in=in.replaceAll("<!--newLine-->","");
in=in.trim();
return in;
}
catch(Exception e) {
System.out.println(e.toString());
return "null";
}
}
}
%>
Calling statement:
String Book_Content = request.getParameter("body").validString;
Error:
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 1 in the jsp file: /book/checkform.jsp
Generated servlet error:
[javac] Compiling 1 source file
C:\tomcat\work\Catalina\localhost\_\org\apache\jsp\book\add_005fsave_jsp.java:63: illegal start of expression
public static String validString(String in) {
^
1 error
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:127)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:351)
org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:415)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:458)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:439)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:552)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:291)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248)
javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
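You need to finish processing the parameters you receive before running the insert into statement. As for the input you say cannot be processed, all you can do is send it back to the user to re-enter; that also shows your program is not very robust.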
add_fsave_jsp.java:63: illegal start of expression
public static String validString(String in) {
^
1 error
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Check {
// Replace every match of regEx in str with code
public static String insteadCode(String str,String regEx,String code){
Pattern p=Pattern.compile(regEx);
Matcher m=p.matcher(str);
String s=m.replaceAll(code);
return s;
}
// Convert the content to HTML format and filter out HTML tags at the same time
public static String toHTML(String sourcestr){
String targetstr=insteadCode(sourcestr,">","&gt;");
targetstr=insteadCode(targetstr,"<","&lt;");
targetstr=insteadCode(targetstr,"\n","<br>");
targetstr=insteadCode(targetstr," ","&nbsp;");
return targetstr;
}
}
Usage:
// Because ' is the string delimiter in the database, it has to be escaped
usertruename=Check.insteadCode(usertruename,"'","''");
usertruename=Check.toHTML(usertruename);
<%!
public class check{
public static String validString(String in){
if(in==null){return null;}
else{
try {
in=in.replace('\'',' ');
in=in.replaceAll("<","&lt;");
in=in.replaceAll(">","&gt;");
in=in.replaceAll(" ","&nbsp;");
in=in.replaceAll("#_#","#__#");
in=in.replaceAll("\n","<br>");
in=in.replaceAll("<!--newLine-->","");
in=in.trim();
return in;
}
catch(Exception e) {
System.out.println(e.toString());
return "null";
}
}
}
public static String outString(String in){
if(in==null){return null;}
else{
try {
in=in.replaceAll(" ","&nbsp;");
in=in.replaceAll("#_#","#__#");
in=in.replaceAll("\n","<br>");
in=in.replaceAll("<!--newLine-->","");
in=in.trim();
return in;
}
catch(Exception e) {
System.out.println(e.toString());
return "null";
}
}
}
}
%>
Mine also has an error:
Generated servlet error:
[javac] Compiling 1 source file
C:\tomcat\work\Catalina\localhost\_\org\apache\jsp\book\checkform_jsp.java:13: inner classes cannot have static declarations
public static String validString(String in){
^
An error occurred at line: 2 in the jsp file: /book/checkform.jsp
Generated servlet error:
C:\tomcat\work\Catalina\localhost\_\org\apache\jsp\book\checkform_jsp.java:33: inner classes cannot have static declarations
public static String outString(String in){
^
2 errors
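// The method signature was missing from the post; the name htmlEncode is assumed.
public static String htmlEncode(String strSrc) {
int nLen;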
if(strSrc == null || (nLen = strSrc.length()) <= 0)
return "";
StringBuffer sbEnc = new StringBuffer(nLen * 2);
for(int i = 0; i < nLen; i++) {
char c;
switch(c = strSrc.charAt(i)) {
case 60: // '<'
sbEnc.append("&lt;");
break;
case 62: // '>'
sbEnc.append("&gt;");
break;
case 38: // '&'
sbEnc.append("&amp;");
break;
case 34: // '"'
sbEnc.append("&quot;");
break;
case 39: // '\''
sbEnc.append("&#39;");
break;
case '\n':
sbEnc.append(" ");
break;
default:
sbEnc.append(c);
break;
}
}
return sbEnc.toString();
}