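/// <summary>
/// Filters a string: HTML-encodes it, writes a warning script to the response when it
/// contains a blacklisted SQL keyword followed by a space, and doubles single quotes.
/// This is a heuristic keyword filter, not a substitute for parameterized queries.
/// </summary>
/// <param name="str">The string to process.</param>
/// <returns>The HTML-encoded string with single quotes doubled.</returns>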
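public static string StrFind(string str)
{
    // Nothing to encode or scan. The original passed null through HtmlEncode and then
    // dereferenced the null result, throwing NullReferenceException.
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    // HTML-encode first, as the original did.
    // NOTE(review): HTML encoding is an output (render-time) control. Applying it before
    // the value reaches a query mixes two contexts and protects neither fully; callers
    // that build SQL from this return value should use parameterized commands instead.
    str = System.Web.HttpContext.Current.Server.HtmlEncode(str);

    // Blacklist of tokens; each is matched only when followed by a single space character.
    // This is a best-effort tripwire and must not be relied on as the injection defense.
    string questringstr = "*|and|exec|insert|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'";
    string[] strarry = questringstr.Split('|');
    for (int i = 0; i < strarry.Length; i++)
    {
        // Fixes over the original check:
        //  - ">= 0" instead of "> 0": a token at the very start of the input sits at
        //    index 0 and was silently skipped.
        //  - OrdinalIgnoreCase: the original comparison was case- and culture-sensitive,
        //    so upper- or mixed-case keywords were never detected.
        if (str.IndexOf(strarry[i] + " ", System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            // NOTE(review): the alert text tells the user the action was recorded, but
            // nothing visible in this method logs anything; add server-side logging here
            // if that is intended. The method also still returns the value afterwards;
            // it warns, it does not block.
            System.Web.HttpContext.Current.Response.Write("<script language='javascript'>alert('非法操作!您的操作已经被记录,同时将收集一部分您的计算机资料。');</script>");

            // One warning per call is enough; the original emitted one script per matching token.
            break;
        }
    }

    // NOTE(review): on framework versions where HtmlEncode already encodes the apostrophe,
    // no raw "'" is left at this point, so this replacement (and the "'" blacklist entry)
    // has no effect. Kept so behaviour is unchanged on versions that do not encode it.
    str = str.Replace("'", "''");
    return str;
}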