C#中避免SQL中的注入式攻击(winform)
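// Pre-check on strsql: reject it when it contains any keyword from the denylist below.
//
// The pattern has no anchors or word boundaries and is matched case-insensitively,
// so a keyword is found anywhere in the text. Ordinary input such as "Gordon" ("or"),
// "Sandy" ("and") or "Charlotte" ("char") is therefore rejected as well.
//
// NOTE(review): a keyword denylist cannot enumerate every harmful input, so treat this
// check as input hygiene only. The actual defence against SQL injection is to pass user
// values as bound parameters (for SQL Server, SqlCommand.Parameters) and never to
// concatenate them into the statement text.
// NOTE(review): presumably strsql is the raw user-entered value; if it holds the complete
// statement instead, any query containing select/insert/update/... is rejected. Confirm
// against the caller.
string str_Regex = @"and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";
Regex regx = new Regex(str_Regex, RegexOptions.IgnoreCase);

// One check is enough: running the same regex on the same input a second time can never
// give a different answer, and declaring str_Regex / regx twice in one scope does not compile.
if (regx.IsMatch(strsql))
{
    // The message reads "The input does not meet the requirements".
    MessageBox.Show("输入内容不符合规范");
    return;
}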