标签:servlet过滤字符串的html特殊字 servlet中读取表单 filter 过滤特殊字符
(1)在某些情况下,需要判断用户输入的数据是否合法,也就是检查其中是否含有 HTML 特殊字符(<、>、"、&);这些字符在输出到页面之前必须先转义为字符实体,否则会被浏览器当作标记解析;
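(2)直接上代码,以供大家参考学习。下面依次是 ServletUtilities 工具类、提交代码的表单页面,以及 BadCodeServlet;注意 BadCodeServlet 是反面示例,它没有调用 filter,而是把 code 参数原样输出到页面: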
ServletUtilities类:
package com.lc.ch04Biaodanshuju;
import javax.servlet.http.HttpServletRequest;
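/**
 * HTML-escaping helper for text that a servlet writes back into a page.
 *
 * <p>The escaping done here covers HTML element content and quoted attribute
 * values. It is not an encoder for other output contexts (script blocks,
 * URLs, CSS); text placed there needs the encoding of that context.
 */
public class ServletUtilities {
  /**
   * Replaces the characters that are significant in HTML markup with their
   * character entities, so the text is displayed literally instead of being
   * parsed as markup.
   *
   * <p>Mapping: {@code <} to {@code &lt;}, {@code >} to {@code &gt;},
   * {@code "} to {@code &quot;}, {@code &} to {@code &amp;} and
   * {@code '} to {@code &#39;}.
   *
   * @param input text to escape; may be {@code null}
   * @return {@code input} itself (including {@code null} or the empty
   *     string) when it contains none of the characters above, otherwise
   *     a new escaped string
   */
  public static String filter(String input) {
    // Fast path: nothing to escape, hand back the same reference.
    if (!hasSpecialChars(input)) {
      return input;
    }
    // Entities are longer than the characters they replace, so leave headroom.
    StringBuilder filtered = new StringBuilder(input.length() + 16);
    for (int i = 0; i < input.length(); i++) {
      char c = input.charAt(i);
      switch (c) {
        case '<':
          filtered.append("&lt;");
          break;
        case '>':
          filtered.append("&gt;");
          break;
        case '"':
          filtered.append("&quot;");
          break;
        case '&':
          filtered.append("&amp;");
          break;
        case '\'':
          // Numeric form: the named entity &apos; is not defined in HTML 4.
          filtered.append("&#39;");
          break;
        default:
          filtered.append(c);
      }
    }
    return filtered.toString();
  }

  /**
   * Reports whether {@link #filter(String)} has anything to escape.
   *
   * @param input text to scan; may be {@code null}
   * @return {@code true} if {@code input} contains at least one of
   *     {@code <}, {@code >}, {@code "}, {@code &} or {@code '};
   *     {@code false} for {@code null} or the empty string
   */
  private static boolean hasSpecialChars(String input) {
    if (input == null) {
      return false;
    }
    for (int i = 0; i < input.length(); i++) {
      switch (input.charAt(i)) {
        case '<':
        case '>':
        case '"':
        case '&':
        case '\'':
          // One hit is enough; no need to scan the rest.
          return true;
        default:
          break;
      }
    }
    return false;
  }
}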
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
  Front end to BadCodeServlet.
  Taken from Core Servlets and JavaServer Pages 2nd Edition
  from Prentice Hall and Sun Microsystems Press,
  http://www.coreservlets.com/.
  (C) 2003 Marty Hall; may be freely used or adapted.
-->
<!--
  The form has no METHOD attribute, so it submits with GET and the
  textarea content travels in the query string as the "code" parameter.
-->
<HTML>
<HEAD><TITLE>Submit Code Sample</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<CENTER>
<H1 ALIGN="CENTER">Submit Code Sample</H1>
<FORM ACTION="/servlet/coreservlets.BadCodeServlet">
  Code:<BR>
  <TEXTAREA ROWS="6" COLS="40" NAME="code"></TEXTAREA><P>
  <INPUT TYPE="SUBMIT" VALUE="Submit Code">
</FORM>
</CENTER>
</BODY>
</HTML>
package com.lc.ch04Biaodanshuju;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Servlet that echoes the submitted {@code code} request parameter inside a
 * {@code <PRE>} element of the response page.
 *
 * <p>Security note: {@link #getCode} returns the parameter exactly as
 * received and {@link #doGet} concatenates it into the page without HTML
 * encoding, so any markup in the parameter becomes part of the document
 * (reflected cross-site scripting). The class name suggests this is the
 * intentionally unsafe half of the example; do not deploy it as-is. A safe
 * variant overrides {@link #getCode} to return the value after HTML-escaping
 * {@code <}, {@code >}, {@code "} and {@code &}.
 */
public class BadCodeServlet extends HttpServlet {
  /**
   * Writes an HTML page that shows the value returned by {@link #getCode}.
   *
   * @param request the incoming GET request
   * @param response the response the page is written to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    final String title = "Code Sample";
    final String docType =
        "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " + "Transitional//EN\">\n";

    StringBuilder page = new StringBuilder();
    page.append(docType)
        .append("<HTML>\n")
        .append("<HEAD><TITLE>").append(title).append("</TITLE></HEAD>\n")
        .append("<BODY BGCOLOR=\"#FDF5E6\">\n")
        .append("<H1 ALIGN=\"CENTER\">").append(title).append("</H1>\n")
        .append("<PRE>\n")
        // Unencoded request data enters the page here; a missing
        // parameter is rendered as the text "null".
        .append(getCode(request))
        .append("</PRE>\n")
        .append("Now, wasn't that an interesting sample\n")
        .append("of code?\n")
        .append("</BODY></HTML>");
    out.println(page.toString());
  }

  /**
   * Returns the text to display: the raw {@code code} request parameter.
   *
   * <p>No filtering or encoding is applied here. This is the hook a subclass
   * can override to return an HTML-escaped value instead.
   *
   * @param request the incoming request
   * @return the parameter value, or {@code null} when it is absent
   */
  protected String getCode(HttpServletRequest request) {
    String rawCode = request.getParameter("code");
    return rawCode;
  }
}
原文地址:http://blog.csdn.net/xlgen157387/article/details/39076289