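/// <summary>
/// Strips a fixed blacklist of SQL keyword sequences from submitted text.
/// </summary>
/// <remarks>
/// This is a lossy, best-effort text filter, not an injection defense: it removes every
/// space from <paramref name="content"/>, lower-cases it, and deletes each blacklisted
/// substring once, so legitimate input is altered and keyword blacklisting is well known
/// to be bypassable. Anything that reaches a database must still be passed as a query
/// parameter, never concatenated into SQL text.
/// </remarks>
/// <param name="content">The submitted content to filter.</param>
/// <returns>
/// <paramref name="content"/> with all spaces removed, lower-cased using the invariant
/// culture, and every blacklisted keyword sequence removed.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="content"/> is null.</exception>
public static string PreventScriptIncludeSQL(this string content)
{
    if (content == null)
    {
        throw new ArgumentNullException("content");
    }

    // Entries are matched against the space-stripped, lower-cased text, which is why
    // "insertinto" and friends carry no space. The list holds "select@" rather than
    // "select", so a bare select/from pair is never filtered; confirm that is intended.
    string[] sqlKeywords = "insertinto|deletefrom|altertable|update|createtable|createview|dropview|createindex|dropindex|createprocedure|dropprocedure|createtrigger|droptrigger|createschema|dropschema|createdomain|alterdomain|dropdomain|select@|declare@|print@|char(".Split('|');

    // Normalise once rather than once per keyword: deleting substrings can neither
    // reintroduce spaces nor upper-case letters. ToLowerInvariant avoids culture-specific
    // casing (e.g. Turkish dotless i) leaving an upper-case keyword unmatched.
    content = content.Replace(" ", "").ToLowerInvariant();

    foreach (string keyword in sqlKeywords)
    {
        if (keyword == "update")
        {
            // "update" and "set" are only stripped together. Keep both removals inside the
            // braces: a bare `if` would strip "set" unconditionally and mangle words such
            // as "reset".
            if (content.Contains("update") && content.Contains("set"))
            {
                content = content.Replace("update", "").Replace("set", "");
            }
        }
        else
        {
            // string.Replace is ordinal and a no-op when the keyword is absent, so no
            // culture-sensitive IndexOf pre-check is needed.
            content = content.Replace(keyword, "");
        }
    }

    return content;
}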
来源:https://www.cnblogs.com/xunqi2012/archive/2012/01/29/2331139.html