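/// <summary>
/// Removes a fixed set of substrings from <paramref name="value"/>: the ASCII
/// apostrophe, comma, angle brackets, the "--" comment marker, the typographic
/// quote U+2018, double quote, equals, percent, and every space.
/// </summary>
/// <remarks>
/// This is a character blacklist, not an injection defence: it cannot make a
/// value safe to concatenate into SQL, and because it deletes every space it
/// also mangles ordinary text. Build statements with query parameters and use
/// this only where the output is expected to be a single whitespace-free token.
/// The original list contained only the typographic quote U+2018 and therefore
/// never removed the ASCII apostrophe that actually closes a SQL string literal;
/// the apostrophe is now removed as well.
/// </remarks>
/// <param name="value">String to clean; null is treated as empty.</param>
/// <returns>
/// <paramref name="value"/> with each listed substring removed, or an empty
/// string when the input is null or empty (same contract as ReplaceSQLChar).
/// </returns>
public static string SqlTextClear(string value)
{
    // Null used to throw NullReferenceException on the first Replace; returning
    // "" keeps the two cleaners in this file consistent.
    if (string.IsNullOrEmpty(value))
        return "";

    // The sequence of the original entries is preserved because a pass can
    // expose a new match for a later entry (removing "," from "-,-" yields
    // "--", which the later "--" pass then removes). The ASCII apostrophe is
    // placed first so that a quote splitting "--" is also resolved.
    string[] blacklist =
    {
        "'",   // ASCII apostrophe (missing from the original list)
        ",", "<", ">", "--",
        "‘",   // U+2018, the only quote the original list removed
        "\"", "=", "%", " ",
    };

    foreach (var token in blacklist)
    {
        value = value.Replace(token, "");
    }

    return value;
}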
|
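/// <summary>
/// Strips a fixed blacklist of SQL punctuation and keywords from a string:
/// literal character removal first, then case-insensitive keyword removal.
/// </summary>
/// <remarks>
/// This is a blacklist filter, not an injection defence. It mutilates ordinary
/// input (any text containing "or", "and" or "net" loses those letters, so
/// "Andorra" becomes "ra"), and a blacklist cannot anticipate every encoding
/// or keyword. Statements must be built with query parameters; use this only
/// where the value is displayed or compared, never as the reason a value is
/// considered safe to concatenate into SQL.
/// The original list removed only the typographic quote U+2018 and therefore
/// left the ASCII apostrophe, the character that actually closes a SQL string
/// literal, untouched; it is now removed too.
/// The keyword passes run in the original order and deliberately keep the
/// original repeated entries: each Regex.Replace is a single non-overlapping
/// pass, so a second pass over "and" can remove a match that the first pass
/// created ("aandnd" becomes "and", then "").
/// </remarks>
/// <param name="str">Input text; null or empty yields an empty string.</param>
/// <returns>The input with every blacklisted character and keyword removed.</returns>
public static string ReplaceSQLChar(string str)
{
    if (string.IsNullOrEmpty(str))
        return "";

    // Literal punctuation, removed in the original order with the ASCII
    // apostrophe added in front.
    string[] punctuation =
    {
        "'",    // ASCII apostrophe (missing from the original list)
        "‘",    // U+2018, the only quote the original list removed
        ";", ",", "?", "<", ">", "(", ")", "@", "=", "+", "*", "&", "#", "%", "$",
    };
    foreach (var mark in punctuation)
    {
        str = str.Replace(mark, "");
    }

    // Database-related words, case-insensitive. Order and duplicates match the
    // original chain exactly because the output of each pass feeds the next.
    string[] keywords =
    {
        "select", "insert", "delete from", "count", "drop table", "truncate",
        "asc", "mid", "char", "xp_cmdshell", "exec master",
        "net localgroup administrators", "and", "net user", "or", "net", "-",
        "delete", "drop", "script", "update", "and", "chr", "master",
        "truncate", "declare", "mid",
    };
    foreach (var keyword in keywords)
    {
        // Regex.Escape keeps every entry a literal match; none of the current
        // entries contain metacharacters, so behaviour is unchanged.
        str = Regex.Replace(str, Regex.Escape(keyword), "", RegexOptions.IgnoreCase);
    }

    return str;
}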