java过滤防止sql注入过滤

/** * 过滤特殊字符 * @author: Simon * @date: 2017年8月31日 下午1:47:56 * @param str * @return */ public static String StringFilter(String str){ str = str.replaceAll("<", "<").replaceAll(">", ">"); str = str.replaceAll("\\(", "(").replaceAll("\\)", ")"); str = str.replaceAll("'", "'"); str = str.replaceAll("eval\\((.*)\\)", ""); str = str.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\""); str = str.replaceAll("script", ""); return str; }