防止SQL注入，登录中用户名、密码的过滤


//过滤用户名,密码
		//start filter--------------------
		if(instance.getUsername()!=null && instance.getPassword()!=null){
			
			System.out.println(instance.getUsername());
			System.out.println(instance.getPassword());
			
			
			String tUserName = instance.getUsername();
			String tPassword = instance.getPassword();
			 Pattern p = Pattern.compile("([~!@#$%^&\\*()_+\\-=;':\",\\./<>?|\\s]|drop|delete|truncate|and|or)");
			 
	        Matcher m = p.matcher(tUserName);   
	        if(m.find()){
	        	request.setAttribute(Constant.REQUEST_MESSAGE, "用户名或密码中有特殊字符!");
	        	return mapping.findForward(Constant.FORWARD_LOGIN);
	        }
	        tUserName = m.replaceAll("");//把符合的字符都过滤掉
	        m = p.matcher(tPassword);
	        if(m.find()){
	        	request.setAttribute(Constant.REQUEST_MESSAGE, "用户名或密码中有特殊字符!");
	        	return mapping.findForward(Constant.FORWARD_LOGIN);
	        }
	        tPassword = m.replaceAll("");            
	        
			
			instance.setUsername(tUserName);
			instance.setPassword(tPassword);
			System.out.println("------------------");
			System.out.println(instance.getUsername());
			System.out.println(instance.getPassword());
		}
		//end filter----------
