/**/
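/// <summary>
/// Applies a fixed deny-list to <paramref name="text"/>: removes semicolons and a handful of
/// lowercase percent-encoded sequences, then encodes the double quote and the angle brackets
/// as HTML entities.
/// </summary>
/// <remarks>
/// Despite its name, this method is not a defence against SQL injection. Single quotes pass
/// through unchanged (the doubling step is commented out), each token is matched
/// case-sensitively and in a single pass, and a deny-list cannot cover every metacharacter of
/// every SQL dialect. Pass values to the database through parameterized commands, and
/// HTML-encode at output time with the framework's encoder, instead of relying on this filter.
/// </remarks>
/// <param name="text">Input string; may be <c>null</c>.</param>
/// <returns>
/// The filtered string, or an empty string when <paramref name="text"/> is <c>null</c>.
/// </returns>
public static string FilterSQL(string text)
{
    if (text == null)
    {
        return "";
    }

    // Removals run first so the ';' that terminates the entities written below is not
    // stripped again (the listing encoded '"' before removing ';').
    text = text.Replace(";", "");

    // Disabled in the listing, so quotes and comment markers are left as they are:
    //text = text.Replace("'", "''");
    // text = text.Replace("--", "''--''");

    // Literal percent-encoded sequences, lowercase hex only.
    text = text.Replace("%25", "");
    text = text.Replace("%0a", "");
    text = text.Replace("%22", "");
    text = text.Replace("%27", "");
    text = text.Replace("%5c", "");
    text = text.Replace("%2f", "");
    text = text.Replace("%3c", "");
    text = text.Replace("%3e", "");
    text = text.Replace("%26", "");

    // NOTE(review): the page renders these three calls with identical arguments, which looks
    // like HTML entities decoded by the page renderer; the entity targets are the presumed
    // original - confirm against the real source.
    text = text.Replace("\"", "&quot;");
    text = text.Replace("<", "&lt;");
    text = text.Replace(">", "&gt;");

    return text;
}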
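/// <summary>
/// Applies a fixed deny-list to <paramref name="text"/>: removes semicolons and a handful of
/// lowercase percent-encoded sequences, then encodes the double quote and the angle brackets
/// as HTML entities.
/// </summary>
/// <remarks>
/// Despite its name, this method is not a defence against SQL injection. Single quotes pass
/// through unchanged (the doubling step is commented out), each token is matched
/// case-sensitively and in a single pass, and a deny-list cannot cover every metacharacter of
/// every SQL dialect. Pass values to the database through parameterized commands, and
/// HTML-encode at output time with the framework's encoder, instead of relying on this filter.
/// </remarks>
/// <param name="text">Input string; may be <c>null</c>.</param>
/// <returns>
/// The filtered string, or an empty string when <paramref name="text"/> is <c>null</c>.
/// </returns>
public static string FilterSQL(string text)
{
    if (text == null)
    {
        return "";
    }

    // Removals run first so the ';' that terminates the entities written below is not
    // stripped again (the listing encoded '"' before removing ';').
    text = text.Replace(";", "");

    // Disabled in the listing, so quotes and comment markers are left as they are:
    //text = text.Replace("'", "''");
    // text = text.Replace("--", "''--''");

    // Literal percent-encoded sequences, lowercase hex only.
    text = text.Replace("%25", "");
    text = text.Replace("%0a", "");
    text = text.Replace("%22", "");
    text = text.Replace("%27", "");
    text = text.Replace("%5c", "");
    text = text.Replace("%2f", "");
    text = text.Replace("%3c", "");
    text = text.Replace("%3e", "");
    text = text.Replace("%26", "");

    // NOTE(review): the page renders these three calls with identical arguments, which looks
    // like HTML entities decoded by the page renderer; the entity targets are the presumed
    // original - confirm against the real source.
    text = text.Replace("\"", "&quot;");
    text = text.Replace("<", "&lt;");
    text = text.Replace(">", "&gt;");

    return text;
}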