#coding:utf8

#在开发过程中，要对前端传过来的数据进行验证，防止sql注入攻击，其中的一个方案就是过滤用户传过来的非法的字符

def sql_filter(sql, max_length=20):

    dirty_stuff = ["\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%", "$", "(", ")", "%", "@","!"]

    for stuff in dirty_stuff:

        sql = sql.replace(stuff, "")

    return sql[:max_length]

username = "1234567890!@#!@#!@#$%======$%"

username = sql_filter(username)  # SQL注入

print username

# 输出结果是:1234567890