以前没有用过这种方法过滤字符串,在网上看到这种方法,好像还行,先收藏一下。不过如果需要显示像 ";" 这样的字符,显示的时候也要相应地替换一下。注意:这种字符替换并不能可靠地防止 SQL 注入,访问数据库时仍应使用参数化查询,而不是把过滤后的字符串直接拼接进 SQL 语句。
/// <summary>
/// Filters special characters in text-box input; the author's stated purpose is to prevent SQL injection.
/// </summary>
/// <remarks>
/// Character substitution is not a dependable defence against SQL injection: it only
/// covers the characters listed here and it alters legitimate data. Values should reach
/// the database through parameterized commands; treat this routine, at most, as an
/// additional layer on top of that.
/// NOTE(review): as rendered on this page, most calls replace a string with an identical
/// string and therefore change nothing. Presumably the second argument was originally an
/// escaped or entity-encoded form that was decoded when the page was rendered. Confirm
/// against the original listing before relying on this code.
/// </remarks>
/// <param name="strFromText">The string to be filtered.</param>
/// <returns>The filtered string; null or empty input is returned unchanged.</returns>
public static string SqlInsertEncode(string strFromText)
{
// The second comparison is redundant: IsNullOrEmpty already rejects "".
if (!System.String.IsNullOrEmpty(strFromText) && strFromText != "")
{
// One Replace call per character; each call rescans the whole string.
strFromText = strFromText.Replace(";", ";");
strFromText = strFromText.Replace("!", "!");
strFromText = strFromText.Replace("@", "@");
strFromText = strFromText.Replace("$", "$");
strFromText = strFromText.Replace("*", "*");
strFromText = strFromText.Replace("(", "(");
strFromText = strFromText.Replace(")", ")");
strFromText = strFromText.Replace("-", "-");
strFromText = strFromText.Replace("+", "+");
strFromText = strFromText.Replace("=", "=");
strFromText = strFromText.Replace("|", "|");
// NOTE(review): the second literal is unterminated as written (the backslash escapes
// the closing quote), so this line does not compile; presumably the call targeted the
// backslash character. Confirm.
strFromText = strFromText.Replace("//", "\");
strFromText = strFromText.Replace("/", "/");
strFromText = strFromText.Replace(":", ":");
// NOTE(review): the quoting here does not parse as two arguments as written;
// presumably the call targeted the double-quote character. Confirm.
strFromText = strFromText.Replace("/"", """);
strFromText = strFromText.Replace("'", "'");
strFromText = strFromText.Replace("<", "<");
// NOTE(review): this space replacement appears twice (here and after the ">" call);
// one of the two presumably targeted a different whitespace character. Confirm.
strFromText = strFromText.Replace(" ", " ");
strFromText = strFromText.Replace(">", ">");
strFromText = strFromText.Replace(" ", " ");
}
// Null and empty input skip the block above and are returned as received.
return strFromText;
}