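Here is one method we use to prevent SQL injection.
To detect SQL injection, we need to run the input data through a series of processing steps. This makes our website more secure, which is why we have to guard against SQL injection.
Replace substrings in the input string: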
// Lowercases the request string, doubles single quotes, and strips
// SQL keywords, comment markers and a few command strings from it.
public static string ReplaceSqlKey(string strRequest)
{
    strRequest = strRequest.ToLower();
    //strRequest = strRequest.Replace(" ", "");
    // Double single quotes so they cannot close a string literal.
    strRequest = strRequest.Replace("'", "''");
    // Remove the SQL line-comment marker.
    strRequest = strRequest.Replace("--", "");
    strRequest = strRequest.Replace("select", "");
    strRequest = strRequest.Replace("=", "+");
    strRequest = strRequest.Replace("insert", "");
    strRequest = strRequest.Replace("delete from", "");
    strRequest = strRequest.Replace("count(", "");
    strRequest = strRequest.Replace("drop table", "");
    strRequest = strRequest.Replace("drop", "");
    strRequest = strRequest.Replace("update", "");
    strRequest = strRequest.Replace("delete", "");
    strRequest = strRequest.Replace("truncate", "");
    strRequest = strRequest.Replace("asc(", "");
    strRequest = strRequest.Replace("mid(", "");
    strRequest = strRequest.Replace("char(", "");
    // Remove strings associated with running operating-system commands.
    strRequest = strRequest.Replace("xp_cmdshell", "");
    strRequest = strRequest.Replace("exec master", "");
    strRequest = strRequest.Replace("net localgroup administrators", "");
    strRequest = strRequest.Replace("and", "");
    strRequest = strRequest.Replace("net user", "");
    return strRequest.Trim();
}
When a string is filtered this way, the change is also irreversible.
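
An added example, not code from the original page: the same kind of lookup written as a parameterized query, so that input such as "Anderson" (which ReplaceSqlKey above reduces to "erson") reaches the database unchanged and is never parsed as SQL. The table and column names, the 100-character limit and the use of System.Data.SqlClient are assumptions made for this example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // built into .NET Framework; a NuGet package on .NET Core

public static class ParameterizedLookup
{
    // Hypothetical table and column names, chosen for this example.
    // The SQL text is a constant: user input is never concatenated into it.
    private const string Sql =
        "SELECT Id, DisplayName FROM Users WHERE DisplayName = @name";

    // Builds the command. The value is sent as a typed parameter, separate
    // from the statement text, so quotes and keywords inside it stay data.
    public static SqlCommand BuildLookup(string displayName)
    {
        if (displayName == null)
            throw new ArgumentNullException("displayName");

        var cmd = new SqlCommand(Sql);
        // Explicit type and length (100 is an assumed column width) keep
        // the parameter consistent with the column definition.
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = displayName;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample inputs: ordinary names that a keyword filter
        // would alter, plus one containing SQL metacharacters.
        string[] samples = { "Anderson", "O'Brien", "x' or 1=1 --" };

        foreach (string s in samples)
        {
            using (SqlCommand cmd = BuildLookup(s))
            {
                // No connection is opened here; we only inspect the command.
                // In real use, set cmd.Connection and call ExecuteReader().
                Console.WriteLine("SQL text : " + cmd.CommandText);
                Console.WriteLine("@name    : " + cmd.Parameters["@name"].Value);
            }
        }
    }
}
```

The statement text printed for every sample is identical; only the parameter value differs, and it is stored and compared exactly as the user typed it.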