防止SQL话语注入
/// <summary> /// 过滤SQL非法字符串 /// </summary> /// <param name="value"></param> /// <returns></returns> public static string Filter(string value) { if (string.IsNullOrEmpty(value)) return string.Empty; value = Regex.Replace(value, @";", string.Empty); value = Regex.Replace(value, @"'", string.Empty); value = Regex.Replace(value, @"&", string.Empty); value = Regex.Replace(value, @"%20", string.Empty); value = Regex.Replace(value, @"--", string.Empty); value = Regex.Replace(value, @"==", string.Empty); value = Regex.Replace(value, @"<", string.Empty); value = Regex.Replace(value, @">", string.Empty); value = Regex.Replace(value, @"%", string.Empty); return value; }
1./// <summary>
2. /// 过滤SQL非法字符串
3. /// </summary>
4. /// <param name="value"></param>
5. /// <returns></returns>
6. public static string Filter(string value)
7. {
8. if (string.IsNullOrEmpty(value))
9. return string.Empty;
10. value = Regex.Replace(value, @";", string.Empty);
11. value = Regex.Replace(value, @"'", string.Empty);
12. value = Regex.Replace(value, @"&", string.Empty);
13. value = Regex.Replace(value, @"%20", string.Empty);
14. value = Regex.Replace(value, @"--", string.Empty);
15. value = Regex.Replace(value, @"==", string.Empty);
16. value = Regex.Replace(value, @"<", string.Empty);
17. value = Regex.Replace(value, @">", string.Empty);
18. value = Regex.Replace(value, @"%", string.Empty);
19. return value;
20. }