python 非法字符处理

def sql_filter(sql, max_length=20):
    dirty_stuff = ["\"", "\\", "/", "|", "&", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%", "$", "(", ")", "%", "@","!"]
    for stuff in dirty_stuff:
        sql = sql.replace(stuff, "")
    return sql[:max_length]

username = "1234567890!@#!@#!@#$%======$%|&***"

username = sql_filter(username)  # SQL注入
print(username)

# 输出结果是:1234567890

import re

# username = "1234567890!@#!@#!@#$%======$%|&***"
username = "1234567890*"

# 检测到非法字符进入if
if not re.search(u'^[_a-zA-Z0-9\u4e00-\u9fa5]+$', username):
    msg = u"用户名不可以包含非法字符(!,@,#,$,%...)"
    print(msg)

<h2><a id="_0"></a>过滤非法字符</h2> <pre><div class="hljs"><code class="lang-python"><span class="hljs-keyword">def</span> <span class="hljs-title function_">sql_filter</span>(<span class="hljs-params">sql, max_length=<span class="hljs-number">20</span></span>): dirty_stuff = [<span class="hljs-string">&quot;\&quot;&quot;</span>, <span class="hljs-string">&quot;\\&quot;</span>, <span class="hljs-string">&quot;/&quot;</span>, <span class="hljs-string">&quot;|&quot;</span>, <span class="hljs-string">&quot;&amp;&quot;</span>, <span class="hljs-string">&quot;*&quot;</span>, <span class="hljs-string">&quot;&#x27;&quot;</span>, <span class="hljs-string">&quot;=&quot;</span>, <span class="hljs-string">&quot;-&quot;</span>, <span class="hljs-string">&quot;#&quot;</span>, <span class="hljs-string">&quot;;&quot;</span>, <span class="hljs-string">&quot;&lt;&quot;</span>, <span class="hljs-string">&quot;&gt;&quot;</span>, <span class="hljs-string">&quot;+&quot;</span>, <span class="hljs-string">&quot;%&quot;</span>, <span class="hljs-string">&quot;$&quot;</span>, <span class="hljs-string">&quot;(&quot;</span>, <span class="hljs-string">&quot;)&quot;</span>, <span class="hljs-string">&quot;%&quot;</span>, <span class="hljs-string">&quot;@&quot;</span>,<span class="hljs-string">&quot;!&quot;</span>] <span class="hljs-keyword">for</span> stuff <span class="hljs-keyword">in</span> dirty_stuff: sql = sql.replace(stuff, <span class="hljs-string">&quot;&quot;</span>) <span class="hljs-keyword">return</span> sql[:max_length] username = <span class="hljs-string">&quot;1234567890!@#!@#!@#$%======$%|&amp;***&quot;</span> username = sql_filter(username) <span class="hljs-comment"># SQL注入</span> <span class="hljs-built_in">print</span>(username) <span class="hljs-comment"># 输出结果是:1234567890</span> </code></div></pre> <h2><a id="_17"></a>检测是否包含非法字符</h2> <pre><div class="hljs"><code class="lang-python"><span class="hljs-keyword">import</span> re <span class="hljs-comment"># username = &quot;1234567890!@#!@#!@#$%======$%|&amp;***&quot;</span> username = <span class="hljs-string">&quot;1234567890*&quot;</span> <span class="hljs-comment"># 检测到非法字符进入if</span> <span class="hljs-keyword">if</span> <span class="hljs-keyword">not</span> re.search(<span class="hljs-string">u&#x27;^[_a-zA-Z0-9\u4e00-\u9fa5]+$&#x27;</span>, username): msg = <span class="hljs-string">u&quot;用户名不可以包含非法字符(!,@,#,$,%...)&quot;</span> <span class="hljs-built_in">print</span>(msg) </code></div></pre> <p>参考：<br /> https://www.cnblogs.com/cybermat/articles/473314.html<br /> https://blog.csdn.net/weixin_30707875/article/details/99341309</p>