package cn.fscode.commons.tool.core;

import cn.fscode.commons.tool.core.exception.UtilException;
import java.util.regex.Pattern;

/* loaded from: input_file:cn/fscode/commons/tool/core/SqlUtils.class */
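/**
 * Validation helpers for strings that end up inside SQL text.
 *
 * <p>Two independent checks are offered: an allow-list for ORDER BY fragments
 * ({@link #isValidOrderBySql(String)}) and a keyword/metacharacter deny-list
 * ({@link #containsSqlInjection(String)}). Neither replaces bound parameters
 * ({@code PreparedStatement} with {@code ?}) for values. The allow-list is the
 * stronger control and suits identifiers that cannot be bound, such as sort columns.
 */
public class SqlUtils {
    /**
     * Allow-list regex for ORDER BY fragments: ASCII letters, digits, underscore,
     * space, comma and dot, one or more characters.
     *
     * <p>NOTE(review): this field is public, static and non-final, so any code in the
     * JVM can reassign it and silently weaken {@link #isValidOrderBySql(String)}.
     * It is left writable here only to keep the existing interface; make it
     * {@code final} once no caller assigns to it.
     */
    public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

    /**
     * Deny-list of SQL keywords (matched as whole words) and a few metacharacters.
     *
     * <p>Compiled with {@link Pattern#CASE_INSENSITIVE} because SQL keywords are
     * case-insensitive, so a case-sensitive match would only recognise the
     * lower-case spelling of each keyword.
     *
     * <p>NOTE(review): same mutability concern as {@link #SQL_PATTERN}; a reassigned
     * pattern changes the result of {@link #containsSqlInjection(String)} globally.
     */
    public static Pattern sqlInjectionPattern = Pattern.compile(
            "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|\"|%)",
            Pattern.CASE_INSENSITIVE);

    /**
     * Validates an ORDER BY fragment and returns it unchanged.
     *
     * <p>Despite the name, nothing is escaped: the input is either accepted as-is
     * or rejected. Input for which {@code StringUtils.isNotEmpty} is false is
     * returned untouched (presumably null or empty; confirm against the project's
     * {@code StringUtils}).
     *
     * @param str the ORDER BY fragment supplied by the caller
     * @return {@code str} itself when it is empty or passes the allow-list
     * @throws UtilException when {@code str} contains a character outside the allow-list
     */
    public static String escapeOrderBySql(String str) {
        if (!StringUtils.isNotEmpty(str)) {
            return str;
        }
        if (isValidOrderBySql(str)) {
            return str;
        }
        // Message text: "the parameter does not meet the specification, the query cannot be run".
        throw new UtilException("参数不符合规范，不能进行查询");
    }

    /**
     * Tells whether the whole string consists only of characters allowed by
     * {@link #SQL_PATTERN}.
     *
     * @param str the candidate ORDER BY fragment; may be {@code null}
     * @return {@code true} when the entire string matches; {@code false} for
     *         {@code null} or the empty string
     */
    public static boolean isValidOrderBySql(String str) {
        // A null fragment is reported as "not valid" instead of raising a NullPointerException.
        if (str == null) {
            return false;
        }
        return str.matches(SQL_PATTERN);
    }

    /**
     * Reports whether the string contains any keyword or metacharacter from
     * {@link #sqlInjectionPattern}.
     *
     * <p>This is a heuristic. A deny-list cannot enumerate every dangerous
     * construct, and ordinary words such as "or" and "count" also match, so a
     * {@code false} result is not proof that the input is safe to concatenate
     * into a statement. Use it as an extra signal for logging or rejection, with
     * bound parameters as the primary control.
     *
     * @param str the text to scan; may be {@code null}
     * @return {@code true} when a deny-listed token is found; {@code false} for {@code null}
     */
    public static boolean containsSqlInjection(String str) {
        // Null holds no tokens, so report "nothing found" instead of raising a NullPointerException.
        if (str == null) {
            return false;
        }
        return sqlInjectionPattern.matcher(str).find();
    }
}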
