/// summary/// 检测是否有Sql危险字符/// /summary/// param name=str要判断字符串/param/// returns判断结果/returnspublic static bool IsSafeSqlString(string str){return !Regex.IsMatch(str, @...
/// <summary>
/// 检测是否有Sql危险字符
/// </summary>
/// <param name="str">要判断字符串</param>
/// <returns>判断结果</returns>
public static bool IsSafeSqlString(string str)
{
return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
}
/// <summary>
/// 检查危险字符
/// </summary>
/// <param name="Input"></param>
/// <returns></returns>
public static string Filter(string sInput)
{
if (sInput == null || sInput == "")
return null;
string sInput1 = sInput.ToLower();
string output = sInput;
string pattern = @"*|and|exec|insert|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'";
if (Regex.Match(sInput1, Regex.Escape(pattern), RegexOptions.Compiled | RegexOptions.IgnoreCase).Success)
{
throw new Exception("字符串中含有非法字符!");
}
else
{
output = output.Replace("'", "''");
}
return output;
}
/// <summary>
/// 检查过滤设定的危险字符
/// </summary>
/// <param name="InText">要过滤的字符串 </param>
/// <returns>如果参数存在不安全字符,则返回true </returns>
public static bool SqlFilter(string word, string InText)
{
if (InText == null)
return false;
foreach (string i in word.Split('|'))
{
if ((InText.ToLower().IndexOf(i + " ") > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
{
return true;
}
}
return false;
}
沃梦达教程
本文标题为:c# 检测是否有Sql非法字符
猜你喜欢
- C# Fiddler插件实现网站离线浏览功能 2022-10-27
- C#使用NPOI对Excel数据进行导入导出 2023-06-14
- WPF使用FontAwesome字体图标 2023-06-21
- Winform中如何跨线程访问UI元素 2023-03-14
- 利用lambda表达式树优化反射详解 2023-01-06
- 基于WPF实现控件轮廓跑马灯动画效果 2023-06-27
- C#开发Windows窗体应用程序的简单操作步骤 2023-04-10
- c# 将Datatable数据导出到Excel表格中 2022-11-05
- C#Winform窗口移动方法 2023-01-06
- C#判断DLL文件是32位还是64位的示例代码 2023-05-11
