JAVA对特殊字符的处理

1.在拼接原生SQL的时候，特殊字符如【'】，破坏了SQL的完整性。

public String escapeExprSpecialWord(String keyword) {    
        if (StringUtils.isNotEmpty(keyword)) {    
            String[] fbsArr = { "\\","$","(",")","*","+",".","[", "]","?","^","{","}","|","'","%" };    
            for (String key : fbsArr) {    
                if (keyword.contains(key)) {    
                    keyword = keyword.replace(key, "\\" + key);    
                }    
            }    
        }    
        return keyword;    
    }  

2.返给前端json数据，com.alibaba.fastjson.JSONObject.toJSONString()，如果内容中包含特殊字符\n,\t,\r等，会导致前端json无法正常解析。

public String formatJsonStr(String str){  
        if(StringUtils.isNotEmpty(str)){  
            String[] formatStrs = {"\t","\r","\n"};  
            for(String key:formatStrs){  
                if(str.contains(key)){  
                    str = str.replace(key, ",");  
                }  
            }  
        }  
        return str;  
    }  

3.文件上传及下载，文件名中有【,】也会导致无法下载，或下载内容为空。