防止SQL语句注入
2010/12/12 15:05:16 walleyekneel http://walleyekneel.javaeye.com
我要评论(0)
- 摘要:1.///<summary>2.///过滤SQL非法字符串3.///</summary>4.///<paramname="value"></param>5.///<returns></returns>6.publicstaticstringFilter(stringvalue)7.{8.if(string.IsNullOrEmpty(value))9.returnstring.Empty;10.value=Regex
- 标签:SQL SQL语句 SQL语句注入
1./// <summary>
2. /// 过滤SQL非法字符串
3. /// </summary>
4. /// <param name="value"></param>
5. /// <returns></returns>
6. public static string Filter(string value)
7. {
8. if (string.IsNullOrEmpty(value))
9. return string.Empty;
10. value = Regex.Replace(value, @";", string.Empty);
11. value = Regex.Replace(value, @"'", string.Empty);
12. value = Regex.Replace(value, @"&", string.Empty);
13. value = Regex.Replace(value, @"%20", string.Empty);
14. value = Regex.Replace(value, @"--", string.Empty);
15. value = Regex.Replace(value, @"==", string.Empty);
16. value = Regex.Replace(value, @"<", string.Empty);
17. value = Regex.Replace(value, @">", string.Empty);
18. value = Regex.Replace(value, @"%", string.Empty);
19. return value;
20. }