.NET预防SQL注入的简易代码


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text.RegularExpressions;

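/// <summary>
/// Deny-list screening for strings taken from an HTTP request (query string, form fields)
/// before they reach a database call.
/// </summary>
/// <remarks>
/// This is a heuristic, not a security boundary: the keyword list is matched as plain
/// substrings (so "or" also hits "word" and "and" hits "android"), and <see cref="RegexReplace"/>
/// runs a single stripping pass. The actual SQL-injection defence is to pass user input
/// through parameterized queries (SqlParameter); use this class only as an additional
/// input check or for logging/alerting on suspicious requests.
/// All patterns are compiled once and evaluated case-insensitively (where relevant) with
/// <see cref="RegexOptions.CultureInvariant"/>, so the result does not depend on the
/// request thread's culture, and with a match timeout because the input is untrusted.
/// </remarks>
public class AliceSqlFilter
{
    // Upper bound on regex CPU time per match attempt on untrusted input. The patterns below
    // have no nested quantifiers, so this is only reached on pathological input sizes.
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromSeconds(1);

    // SQL / script tokens rejected by the Check* methods and stripped by RegexReplace.
    // Matched as substrings, without word boundaries (see the class remarks). In a verbatim
    // string, "" is a single double-quote character.
    private const string KeywordPattern =
        @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and|script|function|alert|location|href";

    // Individual characters rejected by CheckKeyChar / CheckKeyWordAndKeyChar.
    // '|' is a member of the set: inside [...] it is a literal, not an alternation, and the
    // pattern has always matched it.
    private const string KeyCharPattern = @"[-|;,/()\[\]{}%@*!']";

    // Narrower character set removed by RegexReplace; deliberately different from KeyCharPattern
    // (the checks reject more characters than the sanitizer strips).
    private const string ReplaceCharPattern = "[ ,;'()]";

    // Static fields initialise in textual order, so MatchTimeout must stay above these.
    private static readonly Regex KeywordRegex =
        new Regex(KeywordPattern, RegexOptions.IgnoreCase | RegexOptions.CultureInvariant, MatchTimeout);

    private static readonly Regex KeyCharRegex =
        new Regex(KeyCharPattern, RegexOptions.None, MatchTimeout);

    private static readonly Regex ReplaceCharRegex =
        new Regex(ReplaceCharPattern, RegexOptions.None, MatchTimeout);

    /// <summary>
    /// Returns true when <paramref name="sWord"/> contains either a deny-listed keyword
    /// (case-insensitive) or a deny-listed character.
    /// </summary>
    /// <param name="sWord">Input string; null or empty counts as clean.</param>
    /// <returns>True if any keyword or character matched, otherwise false.</returns>
    /// <exception cref="RegexMatchTimeoutException">Matching exceeded the configured timeout.</exception>
    public static bool CheckKeyWordAndKeyChar(string sWord)
    {
        // Delegate so the two checks cannot drift apart from their single-purpose versions.
        return CheckKeyWord(sWord) || CheckKeyChar(sWord);
    }

    /// <summary>
    /// Returns true when <paramref name="sWord"/> contains a deny-listed keyword
    /// (substring match, case-insensitive, culture-invariant).
    /// </summary>
    /// <param name="sWord">Input string; null or empty counts as clean.</param>
    /// <returns>True if a keyword matched, otherwise false.</returns>
    /// <exception cref="RegexMatchTimeoutException">Matching exceeded the configured timeout.</exception>
    public static bool CheckKeyWord(string sWord)
    {
        // Absent request parameters arrive as null; treat them as "nothing suspicious"
        // rather than throwing from inside the filter.
        if (string.IsNullOrEmpty(sWord))
        {
            return false;
        }

        return KeywordRegex.IsMatch(sWord);
    }

    /// <summary>
    /// Returns true when <paramref name="sWord"/> contains a deny-listed character
    /// (one of - | ; , / ( ) [ ] { } % @ * ! ').
    /// </summary>
    /// <param name="sWord">Input string; null or empty counts as clean.</param>
    /// <returns>True if a character matched, otherwise false.</returns>
    /// <exception cref="RegexMatchTimeoutException">Matching exceeded the configured timeout.</exception>
    public static bool CheckKeyChar(string sWord)
    {
        if (string.IsNullOrEmpty(sWord))
        {
            return false;
        }

        return KeyCharRegex.IsMatch(sWord);
    }

    /// <summary>
    /// Strips deny-listed keywords (case-insensitive, same list as <see cref="CheckKeyWord"/>)
    /// and then the characters space , ; ' ( ) from <paramref name="sWord"/>.
    /// </summary>
    /// <remarks>
    /// Keyword removal is case-insensitive so that the sanitizer and the checks agree on
    /// what counts as a keyword. Only one pass is made; the returned string is a cleaned
    /// display/log value and must still be sent to the database as a parameter, never
    /// concatenated into SQL.
    /// </remarks>
    /// <param name="sWord">Input string; null or empty yields an empty string.</param>
    /// <returns>The input with keywords and the listed characters removed.</returns>
    /// <exception cref="RegexMatchTimeoutException">Matching exceeded the configured timeout.</exception>
    public static string RegexReplace(string sWord)
    {
        if (string.IsNullOrEmpty(sWord))
        {
            return string.Empty;
        }

        string withoutKeywords = KeywordRegex.Replace(sWord, string.Empty);
        return ReplaceCharRegex.Replace(withoutKeywords, string.Empty);
    }
}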