#region 检测是否有Sql危险字符
/// <summary>
/// 检测是否有Sql危险字符
/// </summary>
/// <param name="str">要判断字符串</param>
/// <returns>判断结果</returns>
public static bool IsSafeSqlString(string str)
{
return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
}
/// <summary>
/// 检查危险字符
/// </summary>
/// <param name="Input"></param>
/// <returns></returns>
public static string Filter(string sInput)
{
if (sInput == null || sInput == "")
return null;
string sInput1 = sInput.ToLower();
string output = sInput;
string pattern = @"*|and|exec|insert|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'";
if (Regex.Match(sInput1, Regex.Escape(pattern), RegexOptions.Compiled | RegexOptions.IgnoreCase).Success)
{
throw new Exception("字符串中含有非法字符!");
}
else
{
output = output.Replace("'", "''");
}
return output;
}
/// <summary>
/// 检查过滤设定的危险字符
/// </summary>
/// <param name="InText">要过滤的字符串 </param>
/// <returns>如果参数存在不安全字符,则返回true </returns>
public static bool SqlFilter(string word, string InText)
{
if (InText == null)
return false;
foreach (string i in word.Split('|'))
{
if ((InText.ToLower().IndexOf(i + " ") > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
{
return true;
}
}
return false;
}
#endregion
#region 过滤特殊字符
/// <summary>
/// 过滤特殊字符
/// </summary>
/// <param name="Input"></param>
/// <returns></returns>
public static string Htmls(string Input)
{
if (Input != string.Empty && Input != null)
{
string ihtml = Input.ToLower();
ihtml = ihtml.Replace("<script", "<script");
ihtml = ihtml.Replace("script>", "script>");
ihtml = ihtml.Replace("<%", "<%");
ihtml = ihtml.Replace("%>", "%>");
ihtml = ihtml.Replace("<$", "<$");
ihtml = ihtml.Replace("$>", "$>");
return ihtml;
}
else
{
return string.Empty;
}
}
#endregion
