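// ASP.NET: guarding request parameters against injection

// 1. When the parameter must consist entirely of digits

// Checks whether the string is a non-zero integer written with ASCII digits only.
//
// Returns false for null, for the empty string, for any character outside
// '0'..'9', for values that do not fit in an Int32, and for a value of zero.
//
// Why this differs from a Char.IsNumber + int.Parse check:
//  - Request.QueryString[...] returns null when the parameter is absent, and
//    iterating a null string throws; null is rejected up front instead.
//  - Char.IsNumber accepts Unicode numeric characters that int.Parse cannot
//    convert, so such input raised an exception instead of being rejected.
//  - A long run of digits overflowed int.Parse; TryParse reports it as invalid.
//
// This is an input check only. The validated value should still be passed to the
// database as a typed query parameter, never concatenated into the SQL text.
public static bool IsNum(string Str)
{
    if (string.IsNullOrEmpty(Str))
    {
        return false;
    }

    foreach (char c in Str)
    {
        // ASCII digits only: no sign, whitespace, or non-ASCII numerals.
        if (c < '0' || c > '9')
        {
            return false;
        }
    }

    int value;
    if (!int.TryParse(Str,
                      System.Globalization.NumberStyles.None,
                      System.Globalization.CultureInfo.InvariantCulture,
                      out value))
    {
        // Only digits, but too large for an Int32.
        return false;
    }

    // Zero is treated as an invalid identifier.
    return value != 0;
}

// Usage (inside a page handler):
//     string Topicid = Request.QueryString["Topicid"];
//     if (!IsNum(Topicid)) Server.Transfer("Error.aspx?ErrID=404");

// 2. When the parameter is free text

// HTML conversion: escapes text for display inside HTML element content.
//
// Returns "" for null. Otherwise escapes &, <, >, double and single quotes,
// turns spaces into &nbsp;, turns line feeds into <br> and drops carriage returns.
//
// NOTE(review): the page as extracted shows identical search and replacement
// strings (for example "<" replaced by "<") and "/n", "/r" where escape sequences
// are expected. The entity targets and backslashes below are reconstructed;
// confirm them against the original article.
//
// This is output encoding for an HTML body context. It is not a defence against
// SQL injection: text that reaches a query must be bound as a parameter. It also
// does not make a value safe inside script blocks, URLs or unquoted attributes.
// Encoding is best applied when the value is written to the page, so that stored
// data stays unencoded. System.Net.WebUtility.HtmlEncode is the framework
// equivalent for the entity-escaping part.
public static string htmlstr(string chr)
{
    if (chr == null)
    {
        return "";
    }

    // '&' goes first so the entities produced below are not escaped again.
    chr = chr.Replace("&", "&amp;");
    chr = chr.Replace("<", "&lt;");
    chr = chr.Replace(">", "&gt;");
    // Inserted after '<' and '>' are escaped, so the <br> tags survive.
    chr = chr.Replace("\n", "<br>");
    chr = chr.Replace("\"", "&quot;");
    chr = chr.Replace("'", "&#39;");
    chr = chr.Replace(" ", "&nbsp;");
    chr = chr.Replace("\r", "");
    return chr;
}

// Usage (inside a page handler):
//     string strClass = htmlstr(Request.QueryString["ClassName"]);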