@app.before_request
def before_request_api():
if request.method == 'POST':
req = request.values
for v in req.values():
v = str(v).lower()
pattern = r"\b(and|like|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|delclare|or)\b|(*|;)"
r = re.search(pattern, v)
if r:
resp = {'code': -1, 'msg': '请输入规范的参数', 'data': {}}
return jsonify(resp)
网友评论