//package com; // //import org.apache.commons.lang3.StringEscapeUtils; // ////apacheå·¥å…·åŒ…common-langä¸æœ‰ä¸€ä¸ªå¾ˆæœ‰ç”¨çš„å¤„ç†å—ç¬¦ä¸²çš„å·¥å…·ç±»ï¼Œå…¶ä¸ä¹‹ä¸€å°±æ˜¯StringEscapeUtils,è¿™ä¸ªå·¥å…·ç±»æ˜¯åœ¨2.3ç‰ˆæœ¬ä»¥ä¸ŠåŠ ä¸Šçš„åŽ»çš„ï¼Œåˆ©ç”¨å®ƒèƒ½å¾ˆæ–¹ä¾¿çš„è¿›è¡Œhtml,xml,Javaç‰çš„è½¬ä¹‰ä¸Žåè½¬ä¹‰ï¼Œè€Œä¸”è¿˜èƒ½å¯¹å…³é”®å—ç¬¦ä¸²è¿›è¡Œå¤„ç†é¢„é˜²SQLæ³¨å…¥ï¼Œä¸è¿‡å¥½åƒcommon-lang3.0ä»¥åŽæˆ‘çœ‹ç€å¥½åƒæ²¡è¿™ä¸ªå¤„ç†SQLè¯å¥çš„æ–¹æ³•äº†ï¼Œæƒ³ç”¨çš„è¯å‰ææ—¶å¼•å…¥å¯¹åº”çš„jaråŒ…ï¼Œä»¥ä¸‹ä¸ºå®ƒçš„éƒ¨åˆ†æ–¹æ³•ï¼š // //public class StringEscapeUtilsTest { // // public static void main(String args[]){ // // String sql="1' or '1'='1"; //// System.out.println("é˜²SQLæ³¨å…¥:"+StringEscapeUtils.escapeSql(sql)); //é˜²SQLæ³¨å…¥ //// // System.out.println("è½¬ä¹‰HTML,æ³¨æ„æ±‰å—:"+StringEscapeUtils.escapeHtml3("chenç£Š xing")); //è½¬ä¹‰HTML,æ³¨æ„æ±‰å— // System.out.println("åè½¬ä¹‰HTML:"+StringEscapeUtils.unescapeHtml3("chenç£Š xing")); //åè½¬ä¹‰HTML // // String str = "'"; // System.out.println("åè½¬ä¹‰HTML:"+StringEscapeUtils.unescapeHtml3(str)); //åè½¬ä¹‰HTML //// //// System.out.println("è½¬æˆUnicodeç¼–ç ï¼š"+StringEscapeUtils.escapeJava("é™ˆç£Šå…´")); //è½¬ä¹‰æˆUnicodeç¼–ç //// //// System.out.println("è½¬ä¹‰XMLï¼š"+StringEscapeUtils.escapeXml("é™ˆç£Šå…´")); //è½¬ä¹‰xml //// System.out.println("åè½¬ä¹‰XMLï¼š"+StringEscapeUtils.unescapeXml("é™ˆç£Šå…´")); //è½¬ä¹‰xml // // } //}