過濾非法字符
def sql_filter(sql, max_length=20):
    """Remove denylisted punctuation from *sql*, then truncate the result.

    Every occurrence of the characters below is deleted, and the cleaned
    string is cut to at most ``max_length`` characters. Truncation happens
    after filtering, so removed characters do not count toward the limit.

    Note: this is a character denylist. It narrows what reaches a query but
    does not replace parameterized queries / bound parameters, which remain
    the primary defence wherever the value is used in SQL.

    Args:
        sql: Text to sanitise (for example a user-supplied username).
        max_length: Maximum length of the returned string.

    Returns:
        The filtered, truncated string.
    """
    # Same characters as the original denylist; "%" appeared twice there.
    denylist = {
        "\"", "\\", "/", "|", "&", "*", "'", "=", "-", "#", ";",
        "<", ">", "+", "%", "$", "(", ")", "@", "!",
    }
    cleaned = "".join(ch for ch in sql if ch not in denylist)
    return cleaned[:max_length]
# Demo input: ten digits followed by a run of denylisted punctuation.
# The filter strips characters commonly involved in SQL injection.
username = sql_filter("1234567890!@#!@#!@#$%======$%|&***")
print(username)
# Output: 1234567890
檢測是否包含非法字符
import re
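# Alternative sample input: "1234567890!@#!@#!@#$%======$%|&***"
username = "1234567890*"

# Allowlist: underscore, ASCII letters and digits, and CJK ideographs in the
# range U+4E00..U+9FA5. The end anchor is \Z rather than $, because $ also
# matches just before a trailing newline and would accept "name\n".
USERNAME_PATTERN = re.compile(u"^[_a-zA-Z0-9\u4e00-\u9fa5]+\\Z")

# Reject the name when any character falls outside the allowlist
# (an empty value is rejected too, since at least one character is required).
if not USERNAME_PATTERN.search(username):
    msg = u"用戶名不可以包含非法字符(!,@,#,$,%...)"
    print(msg)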
參考:
https://www.cnblogs.com/cybermat/articles/473314.html
https://blog.csdn.net/weixin_30707875/article/details/99341309