//过滤危险字符
public static final String filterStr(String str){
str=str.replaceAll(";","");
str=str.replaceAll("&","&");
str=str.replaceAll("<","<");
str=str.replaceAll(">",">");
str=str.replaceAll("'","");
str=str.replaceAll("--"," ");
str=str.replaceAll("/","");
str=str.replaceAll("%","");
return str;
}