C# 过滤sql特殊字符串方法
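/// <summary>
/// Strips a small deny-list of characters and keywords from <paramref name="Str"/>.
/// </summary>
/// <remarks>
/// This is a lossy deny-list scrub, not an escaping routine: it removes both quote
/// characters and the literal, case-sensitive words "delete", "update" and "insert"
/// wherever they occur, including inside ordinary words ("updated" becomes "d").
/// It does not make string-concatenated SQL safe; build SQL with parameterised
/// commands (<c>SqlParameter</c>) and treat this method at most as cosmetic clean-up.
/// </remarks>
/// <param name="Str">Text to scrub; <c>null</c> is treated as empty.</param>
/// <returns>The scrubbed text, or <see cref="string.Empty"/> for <c>null</c>.</returns>
public static string FilteSQLStr(string Str)
{
    // The original threw NullReferenceException on null; returning empty matches NoHtml.
    if (Str == null)
    {
        return string.Empty;
    }

    // Drop both quote characters outright (no doubling, so this is not SQL escaping).
    Str = Str.Replace("'", "").Replace("\"", "");

    // The page's copy of this method also "replaced" '&', '<' and '>' with themselves,
    // which is a no-op. The intended replacement (probably an HTML entity or a
    // full-width look-alike) did not survive and is not reconstructed here — confirm
    // against the original source before using this method for HTML output.

    // Ordinal, case-sensitive removal of three keywords, in the original order
    // ("Delete" or "UPDATE" pass through unchanged).
    return Str.Replace("delete", "").Replace("update", "").Replace("insert", "");
}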
2.
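#region Filtering injection scripts from SQL statement strings
/// <summary>
/// Rewrites characters and keywords commonly used in SQL injection payloads in <paramref name="source"/>.
/// </summary>
/// <remarks>
/// Single-pass deny-list transform: doubles single quotes, swaps ';', '(' and ')'
/// for their full-width look-alikes, removes the literal case-sensitive words
/// "Execute"/"Exec", and inserts a space into the "xp_", "sp_" and "0x" prefixes.
/// Keyword removal is case-sensitive (the original author left a note that a
/// case-insensitive regex is needed), so this is not a security boundary: build SQL
/// with parameterised commands and use this, if at all, only as defence in depth.
/// </remarks>
/// <param name="source">Input text; <c>null</c> is treated as empty.</param>
/// <returns>The rewritten text.</returns>
public static string SqlFilter(string source)
{
    // The original threw NullReferenceException on null; returning empty matches NoHtml.
    if (source == null)
    {
        return string.Empty;
    }

    // Single quote -> two single quotes (T-SQL string-literal escaping).
    source = source.Replace("'", "''");

    // ASCII ';', '(' and ')' -> full-width U+FF1B, U+FF08, U+FF09, so statement
    // terminators and call syntax are no longer meaningful to the SQL parser.
    // The page's copy shows each character replaced with itself (a no-op); the
    // full-width forms follow the original comments ("半角...替换为全角...").
    source = source.Replace(";", "；");
    source = source.Replace("(", "（");
    source = source.Replace(")", "）");

    // Ordinal, case-sensitive removal of the stored-procedure execution keywords.
    // "Execute" is removed before "Exec": the original order left "ute" behind and
    // made the "Execute" pass unreachable.
    source = source.Replace("Execute", "");
    source = source.Replace("Exec", "");

    // Split the system / extended stored-procedure prefixes.
    source = source.Replace("xp_", "x p_");
    source = source.Replace("sp_", "s p_");

    // Split the hexadecimal-literal prefix.
    source = source.Replace("0x", "0 x");
    return source;
}
#endregion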
3.
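/// <summary>
/// Replaces characters that carry meaning in SQL with visually similar full-width characters.
/// </summary>
/// <remarks>
/// Each listed ASCII character is swapped for a look-alike so the text can no longer be
/// parsed as SQL syntax; the text is altered, not escaped, and cannot be restored.
/// The page's copy of this method shows most characters replaced with themselves
/// (no-ops, apparently lost to character normalisation); only '\'' -> '‘' and
/// '$' -> '¥' survived, and the full-width forms below are reconstructed from that
/// pattern and from the sibling SqlFilter's comments — confirm against the original
/// source. Use parameterised queries for actual SQL safety; this is display-level
/// scrubbing at best.
/// </remarks>
/// <param name="str">Input text; <c>null</c> and empty both yield <see cref="string.Empty"/>.</param>
/// <returns>The rewritten text.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original returned early only for String.Empty and threw on null.
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }

    // Ordered (ASCII, look-alike) pairs, applied left to right with ordinal Replace.
    string[,] pairs =
    {
        { "'", "‘" },
        { ";", "；" },
        { ",", "，" },
        { "?", "？" },
        { "<", "＜" },
        { ">", "＞" },
        { "(", "（" },
        { ")", "）" },
        { "@", "＠" },
        { "=", "＝" },
        { "+", "＋" },
        { "*", "＊" },
        { "&", "＆" },
        { "#", "＃" },
        { "%", "％" },
        { "$", "¥" },
    };

    for (int i = 0; i < pairs.GetLength(0); i++)
    {
        str = str.Replace(pairs[i, 0], pairs[i, 1]);
    }
    return str;
}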
4.
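/// <summary>
/// Strips HTML/script markup, decodes a few entities, removes a deny-list of SQL and
/// shell keywords and punctuation, then HTML-encodes and trims the result.
/// </summary>
/// <remarks>
/// The passes run once each, in the original order, and are not repeated until the
/// text stops changing. Combined with substring matching (e.g. "or", "and", "net",
/// "mid" are removed from inside ordinary words such as "form" or "handle"), this makes
/// the method destructive to legitimate text and unsuitable as an injection defence;
/// use parameterised SQL and context-specific output encoding instead, and keep this
/// only where its exact output is already relied upon. Single quotes are doubled and
/// then HTML-encoded, so the result is neither SQL-escaped nor plain text. The final
/// encoding uses <see cref="HttpUtility.HtmlEncode(string)"/>, which is what
/// <c>HttpContext.Current.Server.HtmlEncode</c> delegates to, so the method no longer
/// requires an ambient web request (the original threw when called outside one).
/// </remarks>
/// <param name="Htmlstring">Source text that may contain HTML, script, database keywords and special characters.</param>
/// <returns>The scrubbed, HTML-encoded, trimmed text; <see cref="string.Empty"/> for <c>null</c>.</returns>
public string NoHtml(string Htmlstring)
{
    if (Htmlstring == null)
    {
        return "";
    }

    // Regex passes, applied in order with RegexOptions.IgnoreCase. Entries are
    // (pattern, replacement); the later entries are plain words used as patterns and
    // therefore match as substrings anywhere in the text. The duplicate "xp_cmdshell"
    // entry is kept: a later pass can still match text that an earlier pass exposed.
    string[,] regexPasses =
    {
        // script blocks, tags, whitespace after a line break, comments
        { @"<script[^>]*?>.*?</script>", "" },
        { @"<(.[^>]*)>", "" },
        { @"([\r\n])[\s]+", "" },
        { @"-->", "" },
        { @"<!--.*", "" },
        // a fixed set of named/numeric entities, decoded to their characters
        { @"&(quot|#34);", "\"" },
        { @"&(amp|#38);", "&" },
        { @"&(lt|#60);", "<" },
        { @"&(gt|#62);", ">" },
        { @"&(nbsp|#160);", " " },
        { @"&(iexcl|#161);", "\u00a1" },
        { @"&(cent|#162);", "\u00a2" },
        { @"&(pound|#163);", "\u00a3" },
        { @"&(copy|#169);", "\u00a9" },
        // any other numeric entity is dropped
        { @"&#(\d+);", "" },
        { "xp_cmdshell", "" },
        // database / shell related words
        { "select", "" },
        { "insert", "" },
        { "delete from", "" },
        { "count''", "" },
        { "drop table", "" },
        { "truncate", "" },
        { "asc", "" },
        { "mid", "" },
        { "char", "" },
        { "xp_cmdshell", "" },
        { "exec master", "" },
        { "net localgroup administrators", "" },
        { "and", "" },
        { "net user", "" },
        { "or", "" },
        { "net", "" },
        // the original had a commented-out "*" pass here; a bare "*" is not a valid pattern
        { "-", "" },
        { "delete", "" },
        { "drop", "" },
        { "script", "" },
    };

    for (int i = 0; i < regexPasses.GetLength(0); i++)
    {
        Htmlstring = Regex.Replace(Htmlstring, regexPasses[i, 0], regexPasses[i, 1], RegexOptions.IgnoreCase);
    }

    // Literal (ordinal, case-sensitive) passes, in the original order. "*/" can no
    // longer match once "*" has been removed; it is kept to preserve the sequence.
    string[,] literalPasses =
    {
        { "<", "" },
        { ">", "" },
        { "*", "" },
        { "-", "" },
        { "?", "" },
        { "'", "''" },
        { ",", "" },
        { "/", "" },
        { ";", "" },
        { "*/", "" },
        { "\r\n", "" },
    };

    for (int i = 0; i < literalPasses.GetLength(0); i++)
    {
        Htmlstring = Htmlstring.Replace(literalPasses[i, 0], literalPasses[i, 1]);
    }

    // Same encoding HttpServerUtility.HtmlEncode performs, without needing HttpContext.Current.
    return HttpUtility.HtmlEncode(Htmlstring).Trim();
}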
5.
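/// <summary>
/// Reports whether <paramref name="str"/> contains any token from a fixed deny-list of
/// SQL and shell keywords (case-insensitive substring match).
/// </summary>
/// <remarks>
/// The alternation includes bare "or" and "and", so any text containing those letter
/// sequences ("word", "brand", "administrator") is flagged, while the list itself is
/// easily incomplete. Suitable as a heuristic for logging or alerting, not as input
/// validation for SQL — use parameterised queries for that. The original pattern read
/// "netlocalgroup administrators"; the spaced form used by the sibling NoHtml method is
/// assumed to be the intent (confirm against the original source).
/// </remarks>
/// <param name="str">Text to test.</param>
/// <returns><c>true</c> if a deny-listed token occurs anywhere in the text.</returns>
/// <exception cref="ArgumentNullException"><paramref name="str"/> is <c>null</c> (thrown by <see cref="Regex.IsMatch(string, string, RegexOptions)"/>).</exception>
public static bool CheckBadWord(string str)
{
    // "\(" entries are regex escapes: they match the literal "count(", "asc(", etc.
    const string pattern = @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|net user|or|and";
    return Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase);
}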
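/// <summary>
/// Removes every occurrence of a fixed deny-list of SQL and shell tokens from <paramref name="str"/>.
/// </summary>
/// <remarks>
/// Matching is ordinal and case-sensitive (<see cref="string.Replace(string, string)"/>),
/// unlike <see cref="CheckBadWord"/> which ignores case, and tokens are removed as
/// substrings in a single pass, so legitimate words are mangled ("format" becomes
/// "fmat") while differently cased tokens pass through. Not a SQL safety measure; use
/// parameterised queries. The original list carried regex escapes ("count\\(") into
/// plain Replace calls, so those entries could only match a literal backslash; they are
/// corrected here to "count(", "asc(", "mid(", "char(". "netlocalgroup" is also assumed
/// to be a missing space (see NoHtml) — confirm against the original source.
/// </remarks>
/// <param name="str">Text to scrub; <c>null</c> yields <see cref="string.Empty"/>.</param>
/// <returns>The text with all listed tokens removed.</returns>
public static string Filter(string str)
{
    // The original threw NullReferenceException on null; returning empty matches NoHtml.
    if (str == null)
    {
        return string.Empty;
    }

    // Removal order is the original order; it matters because the tokens overlap.
    string[] tokens =
    {
        "select", "insert", "delete", "from", "count(", "drop table", "update",
        "truncate", "asc(", "mid(", "char(", "xp_cmdshell", "exec master",
        "net localgroup administrators", "net user", "or", "and",
    };

    foreach (string token in tokens)
    {
        str = str.Replace(token, "");
    }
    return str;
}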