最新清除查询字符串的危险字符
#region 清除查询字符串的危险字符
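/// <summary>
/// Escapes a user-supplied query fragment for embedding in HTML and in a
/// single-quoted SQL string literal.
/// </summary>
/// <remarks>
/// <para>
/// This is a last-resort output encoder, not an injection control: the safe way to
/// pass untrusted input to the database is a parameterized command (SqlParameter),
/// which makes the quote doubling done here unnecessary. The result is HTML
/// (newlines become <c>&lt;br&gt;</c>), so callers must not treat it as plain text.
/// </para>
/// <para>
/// NOTE(review): the reviewed copy of this method lower-cased the value and also
/// contained a long list of keyword replacements whose replacement text did not
/// survive extraction (they read as identity operations, and the <c>"</c> step did
/// not compile). The keyword steps are omitted rather than guessed - a keyword
/// blacklist is not a SQL-injection defence in any case; the lower-casing is kept
/// because callers may observe it. Confirm both against the original source.
/// </para>
/// </remarks>
/// <param name="sql">Raw query text; may be <c>null</c>.</param>
/// <returns>
/// An empty string when <paramref name="sql"/> is <c>null</c>; otherwise the
/// lower-cased input with <c>"</c>, <c>&lt;</c> and <c>&gt;</c> HTML-encoded,
/// every <c>'</c> doubled and every <c>\n</c> replaced by <c>&lt;br&gt;</c>.
/// </returns>
public static string CheckSql(string sql)
{
    // Null is normalised to an empty string so callers can concatenate the result freely.
    if (sql == null)
    {
        return string.Empty;
    }

    // Invariant culture: the original used ToLower(), which follows the current
    // thread culture (e.g. Turkish dotted/dotless I) and would make the output
    // environment-dependent.
    string encoded = sql.ToLowerInvariant();

    // HTML-sensitive characters. '&' was not encoded by the original and is left
    // alone here to keep the same scope; a full encoder (System.Net.WebUtility.HtmlEncode)
    // is preferable when the output is rendered in a page.
    encoded = encoded
        .Replace("\"", "&quot;")
        .Replace("<", "&lt;")
        .Replace(">", "&gt;");

    // Double single quotes so the value can sit inside a SQL string literal.
    // Only meaningful for concatenated SQL; prefer parameters at the call site.
    encoded = encoded.Replace("'", "''");

    // Newlines become HTML line breaks. Done after '<'/'>' encoding on purpose,
    // so the inserted tag survives (same ordering as the original).
    encoded = encoded.Replace("\n", "<br>");

    return encoded;
}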
#endregion