在doFilter方法中编写判断逻辑
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//获取请求对象中的参数名称
Enumeration enu = request.getParameterNames();
//遍历枚举
while (enu.hasMoreElements()) {
//取参数名
String paraName = (String)enu.nextElement();
//取参数值并校验
if (isSqlInject(request.getParameter(paraName))) {
return;
}
}
//校验完毕,放行
chain.doFilter(request, response);
}
