防止SQL注入，字符串过滤关键字符

public class SQLFilterTest {
    public static void main(String[] args) {
        String temp = "asdfasd哈哈哈哈哈.sdfjalsd.";
        System.out.println(doSQLFilter(temp));
    }
    //比较笨的过滤sql字符串
    public static String doSQLFilter(String str){
         str=str.replaceAll("\\.","。");
         str=str.replaceAll(":","：");
         str=str.replaceAll(";","；");
         str=str.replaceAll("&","＆");
         str=str.replaceAll("<","＜");
         str=str.replaceAll(">","＞");
         str=str.replaceAll("'","＇");
         str=str.replaceAll("\"","“");
         str=str.replaceAll("--","－－");
         str=str.replaceAll("/","／");
         str=str.replaceAll("%","％");
         str=str.replaceAll("\\+", "＋");
         str=str.replaceAll("\\(", "（");
         str=str.replaceAll("\\)", "）");
         return str;
    }
}