package com.nationalelectric.greenH5.utils;

import org.apache.commons.lang.StringEscapeUtils;

import com.alibaba.fastjson.JSON;
import com.nationalelectric.greenH5.MyException;


public final class CheckParamUtil {

	
	public static Object checkJsonValue(Object object) throws MyException {
		
			if (object != null) {

				Object json = JSON.toJSON(object);
				String string = json.toString();
				if (string.indexOf("{") == 0 && "}".equals(String.valueOf(string.charAt(string.length() - 1)))) {
					String[] split = string.split(":");
					if (split != null) {
						for (String string2 : split) {
							if (string2.contains(",") ) {
								String[] split2 = string2.split(",");
								checkValue(split2[0]);
							}
							if (string2.contains("}")) {
								checkValue(string2);
							}
						}
					}
					
					
					// System.out.println(arg.toString());
				}
			}

		return null;
	}
	
	private static final String[] keys = "<script|alert|%3cscript|script>|script%3e|alert|window|%3cinput|<input|%3cimg|<img|iframe|<iframe|%3ciframe"
			.split("\\|");
	private static final String[] sqls = "..|select|update|\\<|\\>|\\*|\\#|delete|insert|master\\.|【|】|￥|\\^|\\$"
			.split("\\|");
	public static Object checkValue(String value) throws MyException {
		for(String key : keys){
			if(value.indexOf(key) >=0){
				key = StringEscapeUtils.escapeHtml(key);
				throw new MyException("您输入了非法字符!\r\n"+key);
			}
		}
		for(String sql : sqls){
			if(value.indexOf(sql) >=0){
				sql = StringEscapeUtils.escapeHtml(sql);
				throw new MyException("您输入了非法字符!\r\n"+sql);
			}
		}
		return null;
	}
}