最新清除查询字符串的危险字符

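#region Escape dangerous characters in a query string
/// <summary>
/// Rewrites characters and keywords the original author treats as dangerous in a
/// query string and returns the transformed text.
/// </summary>
/// <remarks>
/// <para>
/// Observable behaviour: the whole input is lower-cased (original casing is lost);
/// the characters <c>"</c>, <c>&lt;</c>, <c>&gt;</c>, <c>[</c>, <c>]</c> and
/// <c>=</c> become HTML character references; a single quote is doubled
/// (SQL-style quoting); a fixed set of keywords is partly rewritten with numeric
/// character references so the literal keyword no longer appears; a line feed
/// becomes <c>&lt;br&gt;</c>.
/// </para>
/// <para>
/// This is a blocklist transformation on the raw string, not a query or output
/// encoder. It does not make string-built SQL safe — use parameterised commands for
/// that — and it is not a complete HTML encoder; for HTML output use a context-aware
/// encoder such as <see cref="System.Net.WebUtility.HtmlEncode(string)"/>. The keyword
/// rewrites are plain substring matches, so ordinary words that contain them
/// ("middle", "chrome", "account") are altered as well.
/// </para>
/// </remarks>
/// <param name="sql">Text to transform; may be <c>null</c>.</param>
/// <returns>
/// The transformed, lower-cased text, or an empty string when <paramref name="sql"/>
/// is <c>null</c>.
/// </returns>
public static string CheckSql(string sql)
{
    if (sql == null)
    {
        return "";
    }

    // Replacement table, applied in this order. Later rows must not re-match text
    // produced by earlier rows (e.g. "execute" is handled before its prefix "exec",
    // "nchar" before "char"). All keys are lower-case because the input is
    // lower-cased first, so case variants never need their own rows.
    string[,] replacements =
    {
        { "\"", "&quot;" },
        { "<", "&lt;" },
        { ">", "&gt;" },
        { "script", "&#115;cript" },
        { "object", "&#111;bject" },
        { "applet", "&#097;pplet" },
        { "[", "&#091;" },
        { "]", "&#093;" },
        { "=", "&#061;" },
        { "'", "''" },
        { "execute", "&#101;xecute" },
        { "exec", "&#101;xec" },
        { "count", "co&#117;nt" },
        { "chr", "c&#104;r" },
        { "mid", "m&#105;d" },
        { "truncate", "trunc&#097;te" },
        { "nchar", "nch&#097;r" },
        { "char", "ch&#097;r" },
        { "exists", "e&#120;ists" },
        // Emitted after "<" and ">" were encoded, so this tag survives unencoded.
        { "\n", "<br>" },
    };

    // Lower-case once, culture-invariantly: the culture-sensitive ToLower() maps
    // "I" to a dotless i under Turkish locales, and the keyword rows below would
    // then silently miss. Every replacement output is already lower-case, so
    // re-lowering between steps (as the original did) changes nothing.
    string result = sql.ToLowerInvariant();
    for (int i = 0; i < replacements.GetLength(0); i++)
    {
        // string.Replace(string, string) is an ordinal, case-sensitive match.
        result = result.Replace(replacements[i, 0], replacements[i, 1]);
    }

    return result;
}
#endregion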

转载于:https://www.cnblogs.com/woaini/archive/2013/04/19/3031303.html
