sql防注入

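/// <summary>
/// Screens a piece of user-supplied text against a blacklist of SQL keywords
/// and metacharacters.
/// </summary>
/// <param name="sql">The text to screen, typically a single input value.</param>
/// <returns>
/// <c>true</c> when <paramref name="sql"/> is non-empty and contains none of the
/// blacklisted tokens; <c>false</c> when it is null, empty, or contains any of them.
/// </returns>
/// <remarks>
/// A keyword blacklist is a coarse, defence-in-depth filter only. It rejects
/// legitimate input (for example a name containing an apostrophe, or the word
/// "update") and cannot enumerate every dangerous construct. The primary
/// protection against SQL injection is to pass values through parameterized
/// commands rather than concatenating them into the query text; this check
/// must not be used as a substitute for that.
/// </remarks>
public bool SqlSecret(string sql)
{
    // Null is treated like the empty string: nothing to validate, so reject.
    if (string.IsNullOrEmpty(sql))
    {
        return false;
    }

    string[] blockedTokens =
    {
        "exec", "xp_", "sp_", "declare", "cmd", "union", "//", "..", "0x",
        "'", "--", ";", "delete", "update", ">", "<", "script", "insert", "select"
    };

    // Every token has to be tested. Comparing against element [0] on each
    // iteration would only ever look for "exec" and let the rest through.
    foreach (string token in blockedTokens)
    {
        // Ordinal, case-insensitive matching avoids culture-dependent casing
        // (ToUpper under some cultures maps 'i' to a dotted capital, so
        // keywords such as "insert" would no longer match their upper-case form).
        if (sql.IndexOf(token, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return false;
        }
    }

    return true;
}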
posted @ 2012-08-21 16:31  尹成亮