防止SQL语句注入

防止SQL语句注入
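/// <summary>
/// Strips a fixed blacklist of characters and tokens that commonly appear in SQL
/// injection payloads (semicolon, apostrophe, ampersand, "%20", "--", "==",
/// angle brackets and "%") from <paramref name="value"/>.
/// </summary>
/// <remarks>
/// This is a blacklist sanitizer, not an injection defense: it cannot make user input
/// safe for string-built SQL (many payloads use none of these tokens) and it corrupts
/// legitimate data such as names containing an apostrophe. Build the actual query with
/// parameterized commands; at most this method reduces noise in free-text input.
/// Stripping is repeated until the string stops changing, because removing one token
/// can reassemble another (a single pass turned "=&lt;=" into "==").
/// </remarks>
/// <param name="value">Raw input. Null or empty yields an empty string.</param>
/// <returns>The input with every blacklisted token removed.</returns>
public static string Filter(string value)
{
    if (string.IsNullOrEmpty(value))
        return string.Empty;

    // Order within a pass matters: "%20" must be handled before the lone "%" so the
    // encoded space is removed as a unit. All patterns are literal, so string.Replace
    // (ordinal) suffices and avoids any regex metacharacter interpretation.
    string[] blacklist = { ";", "'", "&", "%20", "--", "==", "<", ">", "%" };

    string previous;
    do
    {
        previous = value;
        foreach (string token in blacklist)
        {
            value = value.Replace(token, string.Empty);
        }
    }
    while (value != previous); // Each pass that changes anything shortens the string, so this terminates.

    return value;
}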

 

 1./// <summary>  
2.    /// 过滤SQL非法字符串  
3.    /// </summary>  
4.    /// <param name="value"></param>  
5.    /// <returns></returns>  
6.    public static string Filter(string value)  
7.    {  
8.        if (string.IsNullOrEmpty(value))  
9.            return string.Empty;  
10.        value = Regex.Replace(value, @";", string.Empty);  
11.        value = Regex.Replace(value, @"'", string.Empty);  
12.        value = Regex.Replace(value, @"&", string.Empty);  
13.        value = Regex.Replace(value, @"%20", string.Empty);  
14.        value = Regex.Replace(value, @"--", string.Empty);  
15.        value = Regex.Replace(value, @"==", string.Empty);  
16.        value = Regex.Replace(value, @"<", string.Empty);  
17.        value = Regex.Replace(value, @">", string.Empty);  
18.        value = Regex.Replace(value, @"%", string.Empty);  
19.        return value;  
20.    }