1、字符串过滤方法:
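# Substrings that cause escape() to reject its input. Matching is
# case-insensitive (both sides are lower-cased), so the mixed case here is
# cosmetic. Note most entries carry a trailing space, so they match only the
# keyword followed by whitespace, not the bare word.
_SQL_KEYWORDS = (
    'select ', 'insert ', 'update ', 'delete ', 'replace ', 'CREATE ', 'DROP ',
    'RELOAD ', 'SHUTDOWN ', 'PROCESS ', 'FILE ', 'REFERENCES ', 'INDEX ',
    'ALTER ', 'SHOW DATABASES ', 'SUPER ', 'CREATE TEMPORARY TABLES ',
    'LOCK TABLES ', 'REPLICATION SLAVE ', 'REPLICATION CLIENT ', 'CREATE VIEW ',
    'SHOW VIEW ', 'CREATE ROUTINE ', 'ALTER ROUTINE ', 'EXECUTE ', 'union ',
    'load_file ', 'into ', 'outfile ', '--', '%',
)


def escape(s):
    """Reject strings containing a blacklisted SQL fragment, else escape them.

    Args:
        s: the untrusted string to screen. Must be a ``str`` (``.lower()`` is
           called on it; ``None`` raises ``AttributeError`` as in the original).

    Returns:
        ``escape_string(s)`` for inputs that contain none of the blacklisted
        substrings (the empty string passes straight through to
        ``escape_string``).

    Raises:
        LogicError(setting.ERROR, 'sql inject'): when any blacklisted
        substring occurs in ``s``, compared case-insensitively.

    Notes:
        A substring blacklist is a coarse screen, not a complete SQL-injection
        defense; it should sit in front of parameterized queries rather than
        replace them. The original implementation relied on ``map(...).count``,
        which only works on Python 2 lists — on Python 3 ``map`` returns an
        iterator without ``count`` and the check raises ``AttributeError``.
        ``any()`` gives the same decision on both versions and stops at the
        first hit.
    """
    lowered = s.lower()
    if any(keyword.lower() in lowered for keyword in _SQL_KEYWORDS):
        raise LogicError(setting.ERROR, 'sql inject')
    return escape_string(s)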