如何防止sql危险字符注入

防止sql危险字符注入的方法：

将危险字符替换掉，代码示例如下：

public class Checkstr {
public String dostring(String str){
str=str.replaceAll(";","");
str=str.replaceAll("&","&");
str=str.replaceAll("<","<");
str=str.replaceAll(">",">");
str=str.replaceAll("'","");
str=str.replaceAll("--","");
str=str.replaceAll("/","");
str=str.replaceAll("%","");
return str;
}
}