防SQL注入

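 /// <summary>
 /// Best-effort keyword filter: strips every space, lower-cases the text and removes a
 /// fixed list of SQL keyword fragments from it.
 /// </summary>
 /// <remarks>
 /// A keyword blocklist is not a sufficient defence against SQL injection. It rewrites
 /// legitimate input (all spaces and upper-case letters are lost) and it cannot cover
 /// every dialect, encoding or comment form. Pass values to the database as bound
 /// parameters (parameterized commands) and treat this filter as an extra layer at most.
 /// </remarks>
 /// <param name="content">The submitted text; may be null or empty.</param>
 /// <returns>
 /// The filtered text, or <paramref name="content"/> unchanged when it is null or empty.
 /// </returns>
 public static string PreventScriptIncludeSQL(this string content)
 {
     // Nothing to filter; also avoids a NullReferenceException on a null receiver.
     if (string.IsNullOrEmpty(content))
     {
         return content;
     }

     // The list holds "select@", not "select", so the original select/from branch could
     // never run; it is omitted here rather than guessing at the intended token.
     string[] blockedTokens =
     {
         "insertinto", "deletefrom", "altertable", "update", "createtable", "createview",
         "dropview", "createindex", "dropindex", "createprocedure", "dropprocedure",
         "createtrigger", "droptrigger", "createschema", "dropschema", "createdomain",
         "alterdomain", "dropdomain", "select@", "declare@", "print@", "char("
     };

     // Normalise once. The invariant culture keeps the lower-casing independent of the
     // server locale, so the ordinal token matches below behave the same everywhere.
     content = content.Replace(" ", "").ToLowerInvariant();

     string previous;
     do
     {
         previous = content;
         foreach (string token in blockedTokens)
         {
             if (token == "update")
             {
                 // "update" counts as SQL only when "set" is present as well; the two
                 // are removed together instead of stripping "set" from every input.
                 if (content.Contains("update") && content.Contains("set"))
                 {
                     content = content.Replace("update", "").Replace("set", "");
                 }
             }
             else if (content.Contains(token))
             {
                 content = content.Replace(token, "");
             }
         }
     }
     // Removing a token can join its neighbours into another listed token, so repeat
     // until a pass changes nothing. Every change shortens the text, so this terminates.
     while (content.Length != previous.Length);

     return content;
 }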

 
