C#字符串处理1

 
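/// <summary>
/// String helpers for hashing, Base64, %uXXXX escaping and HTML / JavaScript / SQL text filtering.
/// </summary>
/// <remarks>
/// None of these helpers encrypts anything: MD5 is a one-way digest and Base64 / %u escaping are
/// reversible encodings. The SQL filters are substring rewrites and do not replace parameterised
/// queries (for example <c>SqlCommand</c> with <c>SqlParameter</c>).
/// </remarks>
public static class SecurityUtil
{
    /// <summary>
    /// Returns the MD5 digest of the UTF-8 bytes of a string as upper-case hexadecimal.
    /// </summary>
    /// <param name="EncryptString">Text to hash; must not be null.</param>
    /// <returns>32 upper-case hexadecimal characters.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="EncryptString"/> is null.</exception>
    /// <remarks>
    /// Produces the same value as the obsolete
    /// <c>FormsAuthentication.HashPasswordForStoringInConfigFile(value, "MD5")</c> that this method used
    /// to call, without needing System.Web. MD5 is a fast, unsalted hash and is not suitable for storing
    /// passwords; new code should use a salted key-derivation function such as PBKDF2
    /// (<c>Rfc2898DeriveBytes</c>). Keep this method only for compatibility with values already stored.
    /// </remarks>
    public static string MD5(string EncryptString)
    {
        byte[] input = Encoding.UTF8.GetBytes(EncryptString);

        // Fully qualified because this method shares its name with the framework type.
        using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
        {
            return BitConverter.ToString(hasher.ComputeHash(input)).Replace("-", "");
        }
    }

    /// <summary>
    /// Encodes the UTF-8 bytes of a string as Base64. This is an encoding, not a protection.
    /// </summary>
    /// <param name="source">Text to encode; must not be null.</param>
    /// <returns>The Base64 text.</returns>
    public static string Base64Encoding(string source)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(source);
        return Convert.ToBase64String(bytes);
    }

    /// <summary>
    /// Decodes Base64 text and interprets the bytes as UTF-8.
    /// </summary>
    /// <param name="source">Base64 text; must not be null.</param>
    /// <returns>The decoded string.</returns>
    /// <exception cref="FormatException"><paramref name="source"/> is not valid Base64.</exception>
    public static string Base64Decoding(string source)
    {
        byte[] outputb = Convert.FromBase64String(source);
        return Encoding.UTF8.GetString(outputb);
    }

    /// <summary>
    /// Writes every UTF-16 code unit of a string as <c>%uXXXX</c> (upper-case hex).
    /// </summary>
    /// <param name="str">Text to escape; null yields an empty string.</param>
    /// <returns>The escaped text, or an empty string for null or empty input.</returns>
    public static string Escape(string str)
    {
        if (str == null)
            return String.Empty;

        StringBuilder sb = new StringBuilder();
        byte[] byteArr = System.Text.Encoding.Unicode.GetBytes(str);

        // Encoding.Unicode is little-endian, so the high byte of each code unit is at i + 1.
        for (int i = 0; i < byteArr.Length; i += 2)
        {
            sb.Append("%u");
            sb.Append(byteArr[i + 1].ToString("X2"));
            sb.Append(byteArr[i].ToString("X2"));
        }
        return sb.ToString();
    }

    /// <summary>
    /// Reverses <see cref="Escape"/>: turns a run of <c>%uXXXX</c> groups back into text.
    /// </summary>
    /// <param name="str">Output of <see cref="Escape"/>; null or empty yields an empty string.</param>
    /// <returns>The decoded string.</returns>
    /// <remarks>
    /// The input is not validated: the first two characters are dropped without checking that they are
    /// "%u", and only the first four characters of each group are read. Malformed groups surface as
    /// <see cref="ArgumentOutOfRangeException"/> or <see cref="FormatException"/>.
    /// </remarks>
    public static string UnEscape(string str)
    {
        // Escape("") returns "", and Remove(0, 2) below would throw on it.
        if (string.IsNullOrEmpty(str))
            return String.Empty;

        str = str.Remove(0, 2); // drop the leading "%u"
        string[] strArr = str.Split(new string[] { "%u" }, StringSplitOptions.None);
        byte[] byteArr = new byte[strArr.Length * 2];
        for (int i = 0, j = 0; i < strArr.Length; i++, j += 2)
        {
            // Hex pairs back to bytes, stored little-endian for Encoding.Unicode.
            byteArr[j + 1] = Convert.ToByte(strArr[i].Substring(0, 2), 16);
            byteArr[j] = Convert.ToByte(strArr[i].Substring(2, 2), 16);
        }
        return System.Text.Encoding.Unicode.GetString(byteArr);
    }

    /// <summary>
    /// Reverses the HTML part of <see cref="Encode"/>.
    /// </summary>
    /// <param name="str">Text produced by <see cref="Encode"/>; must not be null.</param>
    /// <returns>The text with &lt;br&gt; and the five entities below turned back into characters.</returns>
    /// <remarks>
    /// The result is raw text again and must be re-encoded before it is written into an HTML page.
    /// The doubled single quote written by <see cref="Encode"/> is not reversed.
    /// </remarks>
    public static string Decode(string str)
    {
        // The entity names were rendered as plain characters in the published listing;
        // they are restored here as the mirror image of Encode.
        str = str.Replace("<br>", "\n");
        str = str.Replace("&gt;", ">");
        str = str.Replace("&lt;", "<");
        str = str.Replace("&nbsp;", " ");
        str = str.Replace("&quot;", "\"");
        // Last, so that an encoded "&amp;lt;" comes back as "&lt;" and not as "<".
        str = str.Replace("&amp;", "&");
        return str;
    }

    /// <summary>
    /// HTML-encodes a string for display and turns line feeds into &lt;br&gt;.
    /// </summary>
    /// <param name="str">Text to encode; must not be null.</param>
    /// <returns>The encoded text.</returns>
    /// <remarks>
    /// A single quote is doubled (SQL style) rather than HTML-encoded, so the result is not safe inside
    /// a single-quoted HTML attribute, and doubling it here does not make the value safe to concatenate
    /// into SQL either.
    /// </remarks>
    public static string Encode(string str)
    {
        // "&" must go first so the entities produced below are not encoded a second time.
        str = str.Replace("&", "&amp;");
        str = str.Replace("'", "''");
        str = str.Replace("\"", "&quot;");
        str = str.Replace(" ", "&nbsp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt;");
        str = str.Replace("\n", "<br>");
        return str;
    }

    /// <summary>
    /// Trims the input, doubles single quotes and deletes a fixed list of substrings.
    /// </summary>
    /// <param name="InputString">Input text; must not be null.</param>
    /// <returns>The rewritten text.</returns>
    /// <remarks>
    /// This is a deny-list: it matches exact, case-sensitive substrings in one pass and also strips
    /// legitimate data such as "=". It is not a defence against SQL injection; pass values to the
    /// database as parameters instead.
    /// </remarks>
    private static string ConvertSql(string InputString)
    {
        InputString = InputString.Trim();
        InputString = InputString.Replace("'", "''");
        InputString = InputString.Replace(";--", "");
        InputString = InputString.Replace("=", "");
        InputString = InputString.Replace(" or ", "");
        InputString = InputString.Replace(" and ", "");
        InputString = InputString.Replace("<br/>", "");
        return InputString;
    }

    /// <summary>
    /// Trims the input and rewrites a fixed list of substrings, intended as an SQL-injection filter.
    /// </summary>
    /// <param name="InputString">Input text; must not be null.</param>
    /// <returns>The rewritten text.</returns>
    /// <remarks>
    /// Same limitation as <see cref="ConvertSql"/>: substring rewriting is not a substitute for
    /// parameterised queries.
    /// </remarks>
    private static string UnicodeSqlString(string InputString)
    {
        InputString = InputString.Trim();
        // U+00B4 ACUTE ACCENT, as shown in the listing.
        // NOTE(review): may originally have been the entity text for that character - confirm.
        InputString = InputString.Replace("'", "\u00B4");
        // NOTE(review): the next five replacements map each token to itself as published, so they
        // change nothing. The replacement values were presumably entity-encoded forms that the page
        // rendered back into plain characters; restore them from the original file.
        InputString = InputString.Replace(";--", ";--");
        InputString = InputString.Replace("=", "=");
        InputString = InputString.Replace(" or ", " or ");
        InputString = InputString.Replace(" and ", " and ");
        InputString = InputString.Replace(" exec ", " exec ");
        InputString = InputString.Replace("<br/>", "");
        return InputString;
    }

    /// <summary>
    /// Public entry point for <see cref="UnicodeSqlString"/>.
    /// </summary>
    /// <param name="str">Input text; must not be null.</param>
    /// <returns>The rewritten text.</returns>
    /// <remarks>
    /// Do not rely on this to make a value safe for string-built SQL; use command parameters.
    /// </remarks>
    public static string FixSql(string str)
    {
        return UnicodeSqlString(str);
    }

    /// <summary>
    /// Removes line feeds and backslash-escapes backslashes and both quote characters.
    /// </summary>
    /// <param name="message">Input text; must not be null.</param>
    /// <returns>The filtered text.</returns>
    /// <remarks>
    /// Carriage returns and other control characters are left in place; <see cref="FixJsStr"/> is the
    /// more complete encoder for text placed inside a JavaScript string literal.
    /// </remarks>
    public static string FixMessage(string message)
    {
        message = message.Replace("\n", "");
        // Backslashes first: otherwise an input backslash would cancel the escape added to a
        // following quote.
        message = message.Replace("\\", "\\\\");
        message = message.Replace("\"", "\\\"");
        // The published code replaced "'" with "\'", which in C# is the same one-character string,
        // so single quotes were never escaped.
        message = message.Replace("'", "\\'");

        return message;
    }

    /// <summary>
    /// Escapes a string so it can be placed inside a quoted JavaScript string literal,
    /// typically from server-side script in an .aspx page.
    /// </summary>
    /// <param name="input">Text to escape.</param>
    /// <returns>The escaped text; null or empty input is returned unchanged.</returns>
    /// <remarks>
    /// Besides quotes, backslash and the common control characters, the characters &lt; &gt; &amp; and
    /// the line separators U+2028 / U+2029 are written as \uXXXX so the value cannot end the
    /// surrounding script block or string literal. The decoded JavaScript value is unchanged.
    /// <c>System.Web.HttpUtility.JavaScriptStringEncode</c> is the framework equivalent.
    /// </remarks>
    public static string FixJsStr(string input)
    {
        if (string.IsNullOrEmpty(input))
        {
            return input;
        }

        StringBuilder filtered = new StringBuilder(input.Length + 16);
        foreach (char c in input)
        {
            switch (c)
            {
                case '"': filtered.Append("\\\""); break;
                case '\'': filtered.Append("\\'"); break;
                case '\\': filtered.Append("\\\\"); break;
                case '\t': filtered.Append("\\t"); break;
                case '\n': filtered.Append("\\n"); break;
                case '\r': filtered.Append("\\r"); break;
                case '\f': filtered.Append("\\f"); break;
                case '\b': filtered.Append("\\b"); break;
                case '<': filtered.Append("\\u003C"); break;
                case '>': filtered.Append("\\u003E"); break;
                case '&': filtered.Append("\\u0026"); break;
                case '\u2028': filtered.Append("\\u2028"); break;
                case '\u2029': filtered.Append("\\u2029"); break;
                default: filtered.Append(c); break;
            }
        }

        return filtered.ToString();
    }
}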
