在Web项目中,通常需要处理XSS,SQL注入攻击。(过滤特殊字符)
解决这个问题有两个思路:
1、在数据进入数据库之前对非法字符进行转义,在更新和显示的时候将非法字符还原
2、在显示的时候对非法字符进行转义
代码:
/// <summary>
/// 对转义字符进行处理(HTML 实体编码与解码)
/// 左尖括号: &lt; 对应 &amp;lt;
/// 右尖括号: &gt; 对应 &amp;gt;
/// 单引号 : ' 对应 &amp;#39;
/// 双引号 : " 对应 &amp;quot;
/// (shift+7):&amp; 对应 &amp;amp;
/// </summary>
public class TransferredMeaning
{
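/// <summary>
/// HTML-entity-encodes the characters that a browser treats as tag or
/// attribute delimiters, so untrusted text can be embedded in a page
/// without being interpreted as markup (XSS output encoding).
/// This is HTML encoding only; it does nothing for SQL — use parameterized
/// queries for that.
/// </summary>
/// <param name="Meaning">Raw text to encode; null or empty is returned unchanged.</param>
/// <returns>The encoded text.</returns>
public static string Transferred(string Meaning)
{
    if (string.IsNullOrEmpty(Meaning))
    {
        return Meaning;
    }

    // Single pass: each input character is mapped at most once, so the
    // "&" produced by one replacement can never be re-encoded by a later one.
    var encoded = new System.Text.StringBuilder(Meaning.Length + 16);
    foreach (char ch in Meaning)
    {
        switch (ch)
        {
            case '&':
                encoded.Append("&amp;");
                break;
            case '<':
                encoded.Append("&lt;");
                break;
            case '>':
                encoded.Append("&gt;");
                break;
            case '\'':
                // Numeric form: "&apos;" is not a recognised entity in HTML 4.
                encoded.Append("&#39;");
                break;
            case '"':
                encoded.Append("&quot;");
                break;
            default:
                encoded.Append(ch);
                break;
        }
    }

    return encoded.ToString();
}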
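/// <summary>
/// Reverses <see cref="Transferred"/>: turns the HTML entities it emits
/// back into the original characters. The result is raw text again and
/// must be re-encoded before it is written into HTML.
/// </summary>
/// <param name="Meaning">Entity-encoded text; null or empty is returned unchanged.</param>
/// <returns>The decoded text.</returns>
public static string UnTransferred(string Meaning)
{
    if (string.IsNullOrEmpty(Meaning))
    {
        return Meaning;
    }

    // "&amp;" must be decoded LAST. Decoding it first would turn an encoded
    // "&amp;lt;" into "&lt;", which the next pass would then decode to "<" —
    // a character the caller never had. string.Replace is ordinal, so no
    // culture-dependent matching is involved.
    return Meaning
        .Replace("&lt;", "<")
        .Replace("&gt;", ">")
        .Replace("&#39;", "'")
        .Replace("&quot;", "\"")
        .Replace("&amp;", "&");
}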