最新清除查询字符串的危险字符

#region 清除查询字符串的危险字符
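/// <summary>
/// Legacy blacklist filter for query-string values: lower-cases the value and
/// rewrites a fixed list of HTML-significant characters and SQL keywords with
/// HTML character references so they no longer match literally.
/// </summary>
/// <remarks>
/// This is not a defence against SQL injection or XSS and must not be relied on
/// as one: it is a substring blacklist, it lower-cases the whole value (lossy for
/// user data), it also rewrites benign words that happen to contain a keyword
/// ("account", "middle", "chrome"), and the <c>'</c> to <c>''</c> rewrite is only
/// meaningful inside a single-quoted SQL literal. Callers should use parameterized
/// SQL and context-aware output encoding (e.g. <c>System.Net.WebUtility.HtmlEncode</c>);
/// this method is kept for compatibility with existing callers that depend on its output.
/// Compared with the earlier version, the dead case-variant replacements, the
/// keyword-to-itself no-ops and the repeated <c>ToLower()</c> calls are gone, the
/// malformed references for "execute"/"exec" now end in a semicolon, and the
/// lower-casing is culture-invariant.
/// </remarks>
/// <param name="sql">The raw query-string value; may be null.</param>
/// <returns>The filtered, lower-cased value; an empty string when <paramref name="sql"/> is null.</returns>
public static string CheckSql(string sql)
{
    if (sql == null)
    {
        return "";
    }

    // Invariant culture: under e.g. tr-TR the current-culture ToLower() maps "I" to
    // dotless "ı", so a keyword like "INSERT" would never reach the table below.
    string result = sql.ToLowerInvariant();

    for (int i = 0; i < s_checkSqlReplacements.GetLength(0); i++)
    {
        result = result.Replace(s_checkSqlReplacements[i, 0], s_checkSqlReplacements[i, 1]);
    }

    return result;
}

/// <summary>
/// Ordered (pattern, replacement) pairs applied by <see cref="CheckSql"/>.
/// The order is the one the original implementation used; all patterns are
/// lower-case because the input has already been lower-cased when they are applied.
/// </summary>
private static readonly string[,] s_checkSqlReplacements = new string[,]
{
    // HTML-significant characters.
    { "\"", "&quot;" },
    { "<", "&lt;" },
    { ">", "&gt;" },
    // Tag/element names.
    { "script", "&#115;cript" },
    { "object", "&#111;bject" },
    { "applet", "&#097;pplet" },
    // Characters used in SQL and attribute syntax.
    { "[", "&#091;" },
    { "]", "&#093;" },
    { "=", "&#061;" },
    // SQL string-literal quote doubling (only valid inside a quoted literal).
    { "'", "''" },
    // SQL keywords; "execute" precedes "exec" and "nchar" precedes "char".
    { "execute", "&#101;xecute" },
    { "exec", "&#101;xec" },
    { "count", "co&#117;nt" },
    { "chr", "c&#104;r" },
    { "mid", "m&#105;d" },
    { "truncate", "trunc&#097;te" },
    { "nchar", "nch&#097;r" },
    { "char", "ch&#097;r" },
    { "exists", "e&#120;ists" },
    // Line breaks become <br> for display; applied after "<" has been escaped.
    { "\n", "<br>" },
};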
#endregion
