排除SQL非法字符

/// <summary>
/// Builds the denylist of characters and tokens that <c>CheckSQL</c> searches for.
/// </summary>
/// <remarks>
/// A new array is allocated on every call, so callers cannot alter the list
/// seen by later calls.
/// Security note: this is a fixed denylist. Any input that avoids these sixteen
/// tokens passes, so the list must not be the only barrier between user input
/// and a SQL statement; bind values with parameterized commands instead.
/// </remarks>
/// <returns>The sixteen denylisted strings, in a fixed order.</returns>
private static string[] StrBadWord()
{
    return new[]
    {
        "'", "\"", ";", "--", ",", "!", "~", "@", "$", "%", "^", "/", " ", "_", ">", "<"
    };
}

 

/// <summary>
/// Reports whether the input contains any entry of the denylist returned by <c>StrBadWord</c>.
/// </summary>
/// <remarks>
/// The match is a plain substring test (<c>string.Contains</c>), performed entry by entry.
/// Security note: a <c>false</c> result does not make the value safe to concatenate
/// into a SQL statement. The check only looks for a fixed set of tokens; pass values
/// through parameterized commands and treat this method as, at most, an extra
/// input-validation filter.
/// The denylist includes the space, comma, underscore and '@', so ordinary input such
/// as multi-word text or an e-mail address is reported as illegal.
/// </remarks>
/// <param name="getKeys">Text to inspect. Null or empty input is reported as clean.</param>
/// <returns>
/// <c>true</c> if at least one denylisted token occurs in <paramref name="getKeys"/>;
/// otherwise <c>false</c>.
/// </returns>
public static bool CheckSQL(string getKeys)
{
    // Nothing to scan: null and "" are treated as containing no illegal characters.
    if (string.IsNullOrEmpty(getKeys))
    {
        return false;
    }

    string[] denylist = StrBadWord();
    for (int i = 0; i < denylist.Length; i++)
    {
        // Stop at the first hit; which token matched is not reported to the caller.
        if (getKeys.Contains(denylist[i]))
        {
            return true;
        }
    }

    return false;
}
