|
|
@@ -31,6 +31,8 @@ import java.lang.reflect.Method;
|
|
|
import java.lang.reflect.Type;
|
|
|
import java.math.BigDecimal;
|
|
|
import java.math.BigInteger;
|
|
|
+import java.text.ParseException;
|
|
|
+import java.text.SimpleDateFormat;
|
|
|
import java.util.*;
|
|
|
|
|
|
import static com.alibaba.fastjson.util.TypeUtils.*;
|
|
|
@@ -364,11 +366,35 @@ public class JSONObject extends JSON implements Map<String, Object>, Cloneable,
|
|
|
|
|
|
public String getStringValue(String key, boolean Keepspecialcharacters, String defValue) {
|
|
|
Object value = get(key);
|
|
|
- if (value == null||value.toString().isEmpty()) {
|
|
|
+ if (value == null || value.toString().isEmpty()) {
|
|
|
return defValue;
|
|
|
}
|
|
|
if (!Keepspecialcharacters) {
|
|
|
value = value.toString().replaceAll("([';])+|(--)+", "");//去除特殊字符,防止sql注入
|
|
|
+ }else{
|
|
|
+ value = value.toString().replace("'", "\\'");
|
|
|
+ }
|
|
|
+ return value.toString();
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 验证是否为时间格式
|
|
|
+ * @param key
|
|
|
+ * @param pattern
|
|
|
+ * @param defValue
|
|
|
+ * @return
|
|
|
+ */
|
|
|
+ public String getStringValueForDate(String key, String pattern, String defValue) {
|
|
|
+ Object value = get(key);
|
|
|
+ if (value == null || value.toString().isEmpty()) {
|
|
|
+ return defValue;
|
|
|
+ }
|
|
|
+ SimpleDateFormat sdf = new SimpleDateFormat(pattern);
|
|
|
+ try {
|
|
|
+ sdf.parse(value.toString());
|
|
|
+ } catch (ParseException e) {
|
|
|
+ e.printStackTrace();
|
|
|
+ return defValue;
|
|
|
}
|
|
|
return value.toString();
|
|
|
}
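Review bot: getStringValueForDate can return text that is not a date, because `sdf.parse(value.toString())` succeeds as soon as a leading prefix matches the pattern, and the method then returns the original string unchanged. SimpleDateFormat is also lenient by default, so out-of-range fields are accepted. If callers treat the result as validated (the sibling getters carry a comment about preventing SQL injection), the check should be strict and cover the whole input, and returning the re-formatted date instead of the raw value is safer still. The fence below does this and needs `java.text.ParsePosition` imported. `e.printStackTrace()` on every malformed value is better dropped or sent to the project's logger.

```java
public String getStringValueForDate(String key, String pattern, String defValue) {
    // … unchanged: get(key) and the null/empty check …
    String text = value.toString();
    SimpleDateFormat sdf = new SimpleDateFormat(pattern);
    sdf.setLenient(false);
    ParsePosition pos = new ParsePosition(0);
    Date parsed = sdf.parse(text, pos);
    // parse() stops at the first character it cannot use, so require full consumption.
    if (parsed == null || pos.getIndex() != text.length()) {
        return defValue;
    }
    return sdf.format(parsed);
}
```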
|
|
|
@@ -380,6 +406,8 @@ public class JSONObject extends JSON implements Map<String, Object>, Cloneable,
|
|
|
}
|
|
|
if (!Keepspecialcharacters) {
|
|
|
value = value.toString().replaceAll("([';])+|(--)+", "");//去除特殊字符,防止sql注入
|
|
|
+ }else{
|
|
|
+ value = value.toString().replace("'", "\\'");
|
|
|
}
|
|
|
return value.toString();
|
|
|
}
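Review bot: The added `else` branch escapes single quotes with `replace("'", "\\'")`, which is not a dependable SQL injection defence. Backslashes already in the input are not escaped themselves, and databases that follow the SQL standard do not treat backslash as an escape character at all. The `replaceAll("([';])+|(--)+", "")` branch above it is a deny-list and is incomplete in the same way. The same `else` branch is added to getStringValue in the previous hunk and appears as context in the next one. Values read through these getters should reach the database as bind parameters (`PreparedStatement` with `?` placeholders), keeping this filtering at most as defence in depth; the enclosing method starts before this hunk, so its signature is not visible here.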
|
|
|
@@ -397,7 +425,6 @@ public class JSONObject extends JSON implements Map<String, Object>, Cloneable,
|
|
|
if (!Keepspecialcharacters) {
|
|
|
value = value.toString().replaceAll("([';])+|(--)+", "");//去除特殊字符,防止sql注入
|
|
|
} else {
|
|
|
- // value = value.toString().replace("'", "''");
|
|
|
value = value.toString().replace("'", "\\'");
|
|
|
}
|
|
|
return value.toString();
|