
#include <stdio.h>
#include <string.h>
#define FAILURE                  -1    ///<  通用:失败
#define SUCCESS                   0 
#define RETURN_VAL_IF_FAIL(expr, val) do { if (!(expr)) { return val; }} while (0)
typedef char str64[64]; 

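/*
 * Allow-list check on a string.
 *
 * Returns 0 when every byte of str is an ASCII digit, an ASCII letter, or
 * one of '.', '_', '/'; returns -1 when str is NULL or contains any other
 * byte. An empty string passes (there is nothing to reject). Because '.'
 * and '/' are permitted, a string such as "../x" passes this check — a
 * separate path check is still required for path inputs.
 */
int check_valid_char(const char* str){
    if (str == NULL) {
        return -1;
    }
    static const char whiteStr[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._/";

    /* Walk to the terminator directly instead of calling strlen() on every
     * iteration (the original loop condition was O(n) per step). The loop
     * stops before '\0', so strchr() can never match the terminator of
     * whiteStr. */
    for (const char *p = str; *p != '\0'; p++) {
        if (strchr(whiteStr, *p) == NULL) {
            return -1;
        }
    }
    return 0;
}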
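/*
 * Print the 26 lowercase ASCII letters, a newline, then the 26 uppercase
 * letters. No newline is written after the uppercase run. Always returns 0.
 *
 * Like the original 'a' + i arithmetic, this relies on the letters being
 * contiguous in the execution character set (true for ASCII).
 */
int pr_lower(void){
    for (int c = 'a'; c <= 'z'; c++) {
        putchar(c);
    }
    putchar('\n');
    for (int c = 'A'; c <= 'Z'; c++) {
        putchar(c);
    }
    return 0;
}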

// Substring lookup: SUCCESS when strlet occurs somewhere in strhead,
// FAILURE when it does not or when either pointer is NULL. Note that
// strstr() matches an empty strlet at offset 0, so an empty needle with a
// non-NULL haystack always yields SUCCESS.
int str_find(const char *strhead, const char *strlet) {
    if (strhead == NULL) {
        return FAILURE;
    }
    if (strlet == NULL) {
        return FAILURE;
    }
    const char *hit = strstr(strhead, strlet);
    return (hit != NULL) ? SUCCESS : FAILURE;
}


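/*
 * Deny-list scan for shell metacharacters.
 *
 * Returns FAILURE when sql contains any of ";", "&", "|" or "<" (the "&&"
 * and "||" entries can only match where "&" / "|" already match, so they
 * are redundant but harmless), SUCCESS otherwise. A NULL sql makes every
 * str_find() call fail, so NULL is reported as SUCCESS — callers that must
 * reject NULL have to do so themselves. As a deny-list this cannot be
 * exhaustive; the allow-list in check_valid_char() is the stronger check,
 * and not handing the value to a shell at all is stronger still.
 */
int is_cmd_inject(char *sql){
    /* Table is read-only; derive the count from the table so the two
     * cannot drift apart. */
    static const char *const key[] = { ";", "&", "&&", "|", "||", "<" };
    const size_t nkey = sizeof key / sizeof key[0];

    for (size_t i = 0; i < nkey; i++) {
        if (str_find(sql, key[i]) == SUCCESS) {
            return FAILURE; /* dangerous substring present */
        }
    }
    return SUCCESS;
}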

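/*
 * Deny-list scan for SQL fragments.
 *
 * Returns FAILURE when sql contains "%", "union", "|", "&", "^", "#", the
 * C-style comment opener or closer, or a quoted "or" ('or'); SUCCESS
 * otherwise. Matching is a case-sensitive substring test, so "UNION" is
 * not caught while the "%" entry rejects any LIKE pattern. A NULL sql is
 * reported as SUCCESS because str_find() fails on NULL. Parameterised
 * queries, not this filter, are the actual defence against SQL injection.
 */
int check_sql(char *sql){
    /* Read-only table; count derived from the table itself. */
    static const char *const key[] = { "%", "union", "|", "&", "^", "#", "/*", "*/", "'or'" };
    const size_t nkey = sizeof key / sizeof key[0];

    for (size_t i = 0; i < nkey; i++) {
        if (str_find(sql, key[i]) == SUCCESS) {
            return FAILURE; /* substring present */
        }
    }
    return SUCCESS;
}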

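/*
 * Path-traversal marker scan.
 *
 * Returns FAILURE when str contains the literal sequence "../", SUCCESS
 * otherwise — including for NULL, since str_find() fails on NULL. Only
 * this exact spelling is examined; it is not a substitute for
 * canonicalising the path and verifying it stays under the intended root.
 */
int is_path_tra(char *str){
    static const char *const strlet[] = { "../" };
    const size_t nlet = sizeof strlet / sizeof strlet[0];

    for (size_t i = 0; i < nlet; i++) {
        if (str_find(str, strlet[i]) == SUCCESS) {
            return FAILURE; /* path traversal sequence present */
        }
    }
    return SUCCESS;
}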

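/*
 * XPath token scan.
 *
 * NOTE: the return convention is the reverse of is_cmd_inject(),
 * check_sql() and is_path_tra(): SUCCESS means a suspicious token WAS
 * found; FAILURE means none was found or str is NULL. Tokens are matched
 * as plain substrings, so ordinary words that contain "text" or "not"
 * also trigger a SUCCESS. The per-token printf() the scan used to emit
 * was debug output and is not part of the contract, so it is gone.
 */
int is_xpath_inject(char *str){
    if (str == NULL) {
        return FAILURE;
    }

    static const char *const items[] = { "'", "//", "contains", "text", "not", "starts-with" };
    const size_t nitems = sizeof items / sizeof items[0];

    for (size_t i = 0; i < nitems; i++) {
        if (str_find(str, items[i]) == SUCCESS) {
            return SUCCESS; /* xpath token present */
        }
    }
    return FAILURE;
}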

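/*
 * Smoke test: run the command-injection deny-list on one sample value and
 * print whether it is accepted (合法) or rejected (不合法). The unused
 * sample strings and commented-out calls of the original driver are
 * dropped; they produced unused-variable warnings and exercised nothing.
 */
int main(void) {
    str64 str5 = "12334454";
    int ret = is_cmd_inject(str5);
    if (ret == SUCCESS) {
        printf("合法");
    } else {
        printf("不合法");
    }
    return 0;
}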