sql注入
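// Escapes a user-supplied search term before it is concatenated into a
// LIKE '%...%' ESCAPE '/' clause (see the commented-out caller below).
// The enclosing method signature is not shown on this page.
//
// NOTE(review): string escaping is a fallback, not a replacement for bound
// parameters. Prefer passing "%" + term + "%" as a command parameter
// (a DbParameter) so the value never becomes part of the SQL text. The
// wildcard escaping is still needed in that case; the quote doubling is not.

// Escape the escape character itself, and do it first: the caller declares
// ESCAPE '/', so a '/' typed by the user would otherwise escape whatever
// follows it (for example the caller's trailing '%').
str = str.Replace("/", "//");
// Double single quotes so the value cannot terminate the string literal.
str = str.Replace("'", "''");
// Dropping ';' changes the search term and is not an injection defence on
// its own; kept only because the original routine does it.
str = str.Replace(";", "");
// Make the LIKE wildcards literal under ESCAPE '/'.
str = str.Replace("%", "/%");
str = str.Replace("_", "/_");
// NOTE(review): the target database is not shown. On SQL Server '[' is also
// a LIKE wildcard and would need escaping - confirm.
return str;
// Example caller, commented out in the original. It applies the replacements
// inline (without the '/' escaping) and concatenates the result into the
// WHERE clause; a parameterized query avoids that concatenation.
//string key = this.txt_Key_Name.Text.Trim();
//key = key.Replace("'", "''").Replace("%", "/%").Replace("_", "/_");
//strWhere.Append(" AND (REF_NAME like '%" + key + "%' ESCAPE '/' OR REF_NAME2 like '%" + key + "%' ESCAPE '/' OR KEY_NAME like '%" + key + "%' ESCAPE '/' ) ");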
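// Second copy of the LIKE-term escaping routine. As printed, this copy
// omits the single-quote doubling, so a quote in the input would end the
// SQL string literal built by the caller below; it is restored here.
//
// NOTE(review): prefer a bound command parameter (a DbParameter) for the
// pattern instead of concatenating the escaped value into the SQL text.

// Escape the escape character first; the caller declares ESCAPE '/'.
str = str.Replace("/", "//");
// Double single quotes so the value cannot terminate the string literal.
str = str.Replace("'", "''");
// Dropping ';' changes the search term and is not an injection defence on
// its own; kept only because the original routine does it.
str = str.Replace(";", "");
// Make the LIKE wildcards literal under ESCAPE '/'.
str = str.Replace("%", "/%");
str = str.Replace("_", "/_");
// NOTE(review): on SQL Server '[' is also a LIKE wildcard - confirm the
// target database and escape it if needed.
return str;
// Example caller, commented out in the original; it concatenates the
// escaped value into the WHERE clause.
//string key = this.txt_Key_Name.Text.Trim();
//key = key.Replace("'", "''").Replace("%", "/%").Replace("_", "/_");
//strWhere.Append(" AND (REF_NAME like '%" + key + "%' ESCAPE '/' OR REF_NAME2 like '%" + key + "%' ESCAPE '/' OR KEY_NAME like '%" + key + "%' ESCAPE '/' ) ");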