一个防止SQL注入的字符串处理函数（黑名单过滤只能作为辅助手段，不能替代参数化查询）
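// Deny-list pattern; created on the first call to FilterInjection and reused afterwards.
private static Regex FilterInjectionRegex;

/// <summary>
/// Doubles every single quote in <paramref name="s"/> and rejects the whole value when it
/// contains <c>=</c>, <c>--</c>, <c>;</c> or one of the percent-encoded forms
/// <c>%3D</c>, <c>%27</c>, <c>%2D</c>, <c>%3B</c> (matched case-insensitively).
/// </summary>
/// <param name="s">Value to filter; may be null.</param>
/// <returns>
/// The value with each <c>'</c> doubled, or an empty string when the value is null or
/// matches the deny-list.
/// </returns>
/// <remarks>
/// This is a deny-list, so it only knows the tokens listed above. It does not protect values
/// that are placed into a statement without surrounding quotes, it does not see encodings
/// other than the single-level percent forms in the pattern, and it discards legitimate
/// values that merely contain <c>=</c> or <c>;</c>. Bind values as command parameters and
/// treat this filter as an additional layer at most.
/// The lazy initialization below is not synchronized; concurrent first calls may each build
/// their own <see cref="Regex"/> instance.
/// </remarks>
public static string FilterInjection(string s)
{
    // Fail closed on null instead of letting Replace throw NullReferenceException.
    if (s == null)
    {
        return "";
    }

    s = s.Replace("'", "''");

    if (FilterInjectionRegex == null)
    {
        FilterInjectionRegex = new Regex(@"%3D|=|%27|%2D|--|%3B|;", RegexOptions.IgnoreCase);
    }

    // A single hit rejects the entire value; nothing is stripped or repaired.
    return FilterInjectionRegex.IsMatch(s) ? "" : s;
}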
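/// <summary>
/// Escapes single quotes in <paramref name="s"/> by doubling them, then returns an empty
/// string if the result contains <c>=</c>, <c>--</c>, <c>;</c>, <c>%3D</c>, <c>%27</c>,
/// <c>%2D</c> or <c>%3B</c> (case-insensitive); otherwise returns the escaped value.
/// </summary>
/// <param name="s">Value to filter; null is treated as rejected input.</param>
/// <returns>The quote-doubled value, or an empty string for null or deny-listed input.</returns>
/// <remarks>
/// NOTE(review): this definition has the same signature as the one earlier on this page;
/// a class can keep only one of them.
/// A token deny-list does not cover values used outside a quoted literal or encoded in
/// forms the pattern does not list, and it drops legitimate input containing <c>=</c> or
/// <c>;</c>. Use parameterized commands as the primary defense.
/// </remarks>
public static string FilterInjection(string s)
{
    // The original dereferenced s unconditionally; reject null the same way as a match.
    if (s == null)
    {
        return "";
    }

    s = s.Replace("'", "''");

    // Unsynchronized lazy creation of the shared pattern.
    if (FilterInjectionRegex == null)
    {
        FilterInjectionRegex = new Regex(@"%3D|=|%27|%2D|--|%3B|;", RegexOptions.IgnoreCase);
    }

    if (FilterInjectionRegex.IsMatch(s))
    {
        // The value is discarded as a whole rather than cleaned.
        return "";
    }

    return s;
}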