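#region SQL注入检验
/// <summary>
/// Removes a fixed blacklist of characters and SQL keywords from <paramref name="txt_Checking"/>.
/// NOTE(review): this is a blacklist filter, not an injection defence. It mangles legitimate
/// input (e.g. "Oregon" -> "egon") and a single Regex.Replace pass can be outrun by nested
/// tokens ("selselectect" -> "select"). SQL should be built with parameterised commands
/// (SqlParameter) rather than relying on this method; keep it only for existing callers.
/// </summary>
/// <param name="txt_Checking">The text to filter.</param>
/// <returns>The text with every blacklisted character and keyword removed (keywords case-insensitive).</returns>
/// <exception cref="ArgumentNullException"><paramref name="txt_Checking"/> is null.</exception>
public static string SqlCheck(string txt_Checking)
{
    // The original dereferenced a null argument and threw NullReferenceException; fail explicitly instead.
    if (txt_Checking == null)
    {
        throw new ArgumentNullException("txt_Checking");
    }

    // Special characters, stripped as plain substrings.
    // NOTE(review): the second literal in the original was garbled ("/""); a double quote is
    // assumed here — TODO confirm against the original file.
    string[] specialChars = new string[] { "'", "\"", "=", ":", "#", "@", ";", "%", "*" };
    foreach (string special in specialChars)
    {
        txt_Checking = txt_Checking.Replace(special, "");
    }

    // Blacklisted words, applied in this order (the order matters: each pass sees the output
    // of the previous one). Every entry is matched as a literal via Regex.Escape so an entry
    // containing a regex metacharacter cannot change the pattern.
    // RegexOptions.IgnorePatternWhitespace was dropped: with it, the space in "net localgroup"
    // was treated as pattern syntax rather than text, so that entry could never match.
    string[] swap = new string[]
    {
        "select", "or", "and", "join", "out", "delete", "update", "where", "insert", "from",
        "asc", "char", "count", "mid", "net", "exec", "net localgroup", "user"
    };
    foreach (string word in swap)
    {
        // Regex.Replace returns the input unchanged when nothing matches, so the original's
        // separate Regex.IsMatch pre-check was a redundant second scan.
        txt_Checking = Regex.Replace(txt_Checking, Regex.Escape(word), "", RegexOptions.IgnoreCase);
    }

    return txt_Checking;
}
#endregion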
自己写的，如果有什么不对的地方请留言指教！