EXPRESIÓN REGULAR PARA PREVENIR SQL INJECTION
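/**
 * Denylist applied by {@link #cleanQuery(String)}: single-quoted literals, semicolons and a
 * fixed set of SQL keywords matched as whole words, case-insensitively. Compiled once because
 * {@link Pattern} is immutable and thread-safe, so recompiling on every call is wasted work.
 */
private static final Pattern SQL_DENYLIST_PATTERN = Pattern.compile(
        "('(''|[^'])*')"
                + "|(;)"
                + "|(\\b(AND|OR|LIKE|WHERE|FROM|ALTER|CREATE|DELETE|DROP|EXEC(UTE){0,1}"
                + "|INSERT( +INTO){0,1}|MERGE|SELECT|UPDATE|UNION( +ALL){0,1})\\b)",
        Pattern.CASE_INSENSITIVE);

/**
 * Strips text that matches the SQL denylist from {@code value}.
 *
 * <p>Security note: this is a keyword/character denylist, not an injection defence to rely on
 * by itself. Only the tokens listed in the pattern are removed and everything else passes
 * through unchanged; the result of the single replacement pass is not scanned again; and
 * legitimate data is altered (for example the ordinary words "or" and "from", or any quoted
 * text). Code that builds SQL from user input should bind values through
 * {@code PreparedStatement} parameters and treat this method, at most, as an extra layer.
 *
 * @param value the text to filter; may be {@code null}
 * @return {@code value} with every denylist match removed; {@code null} and the empty string
 *     are returned unchanged
 */
public static String cleanQuery(String value) {
    // The original test was `value != ""`, which compares references rather than contents
    // and let null through to a method call (NullPointerException).
    if (value == null || value.isEmpty()) {
        return value;
    }
    // NOTE(review): the original also ran value.replaceAll("", ""), which replaces empty
    // matches with nothing and so changes nothing. It may have been meant to strip a
    // character that was lost from the pattern; confirm against the original source.
    return SQL_DENYLIST_PATTERN.matcher(value).replaceAll("");
}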