public static bool IsSaveStr(string inputString)
{
string SqlStr = @"and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";
try
{
if ((inputString != null) && (inputString != String.Empty))
{
string str_Regex = @"\b(" + SqlStr + @")\b";
Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);
if (true == Regex.IsMatch(inputString))
return false;
}
}
catch
{
return false;
}
return true;
}
防SQL注入方法
最新推荐文章于 2023-03-20 21:48:15 发布