过滤特殊字符的方法
1.
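/// <summary>
/// Strips a fixed set of characters and three SQL keywords from a string.
/// This is a blocklist transformation: keyword removal is case-sensitive and
/// single-pass, ordinary text containing those words (e.g. "updated") is
/// altered, and the result is not safe to concatenate into SQL. It does not
/// replace parameterized queries; the method is kept for callers that depend
/// on its output shape.
/// </summary>
/// <param name="Str">The input string; null is treated as empty.</param>
/// <returns>The input with the listed characters and keywords removed, or an empty string for null input.</returns>
public static string FilteSQLStr(string Str)
{
    // Consistent with NoHtml on this page: null yields "" instead of a NullReferenceException.
    if (Str == null)
    {
        return string.Empty;
    }
    // Quote characters are dropped outright.
    Str = Str.Replace("'", "");
    Str = Str.Replace("\"", "");
    // As shown on this page these three calls map a character to itself and are no-ops;
    // presumably the replacements were HTML entities lost in rendering — TODO confirm against the original source.
    Str = Str.Replace("&", "&");
    Str = Str.Replace("<", "<");
    Str = Str.Replace(">", ">");
    // Lowercase keywords only; String.Replace is case-sensitive and runs once per keyword.
    Str = Str.Replace("delete", "");
    Str = Str.Replace("update", "");
    Str = Str.Replace("insert", "");
    return Str;
}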
2.
#region Rewrite injection fragments in a SQL string
/// <summary>
/// Rewrites characters and keywords that commonly appear in injected SQL.
/// This is an ordered blocklist rewrite, not an escaping routine: keyword
/// matching is case-sensitive (the original author notes a regex would be
/// needed for case-insensitivity) and the output is not safe to concatenate
/// into SQL. It is no substitute for parameterized queries.
/// </summary>
/// <param name="source">The string to rewrite; null throws NullReferenceException.</param>
/// <returns>The rewritten string.</returns>
public static string SqlFilter(string source)
{
    // (search, replacement) pairs, applied strictly in this order.
    string[,] rewrites =
    {
        // a single quote becomes two single quotes
        { "'", "''" },
        // semicolon, to block statement chaining (on this page the replacement renders identically)
        { ";", ";" },
        // parentheses
        { "(", "(" },
        { ")", ")" },
        // stored-procedure execution keywords; "Execute" can no longer occur once every "Exec" has been removed
        { "Exec", "" },
        { "Execute", "" },
        // system / extended stored-procedure prefixes
        { "xp_", "x p_" },
        { "sp_", "s p_" },
        // hexadecimal literal prefix
        { "0x", "0 x" },
    };
    for (int row = 0; row < rewrites.GetLength(0); row++)
    {
        source = source.Replace(rewrites[row, 0], rewrites[row, 1]);
    }
    return source;
}
#endregion
3.
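/// <summary>
/// Replaces a fixed set of SQL-significant characters. As shown on this page
/// most entries map a character to itself (no-ops); only the single quote and
/// the dollar sign are visibly rewritten. This is a blocklist transformation
/// and not a substitute for parameterized queries.
/// </summary>
/// <param name="str">The string to filter; null or empty returns an empty string.</param>
/// <returns>The filtered string.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original tested only for String.Empty, so null reached str.Replace and threw
    // NullReferenceException; null and empty are now handled the same way.
    if (string.IsNullOrEmpty(str))
    {
        return String.Empty;
    }
    // single quote -> typographic left quote
    str = str.Replace("'", "‘");
    // The following entries render identically on both sides on this page; presumably
    // full-width replacement characters lost in rendering — TODO confirm against the original source.
    str = str.Replace(";", ";");
    str = str.Replace(",", ",");
    str = str.Replace("?", "?");
    str = str.Replace("<", "<");
    str = str.Replace(">", ">");
    str = str.Replace("(", "(");
    str = str.Replace(")", ")");
    str = str.Replace("@", "@");
    str = str.Replace("=", "=");
    str = str.Replace("+", "+");
    str = str.Replace("*", "*");
    str = str.Replace("&", "&");
    str = str.Replace("#", "#");
    str = str.Replace("%", "%");
    // dollar -> yen
    str = str.Replace("$", "¥");
    return str;
}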
4.
/// <summary>
/// Strips script blocks and HTML tags, decodes a few entities, removes a list of
/// SQL/shell fragments and special characters, then HTML-encodes and trims what
/// remains. Fragment removal is a case-insensitive substring match with no word
/// boundaries, so ordinary words containing "and", "or", "net", "mid", "asc" or
/// "char" are altered; this is a blocklist heuristic, not a substitute for
/// parameterized queries or context-aware output encoding.
/// </summary>
/// <param name="Htmlstring">Source text that may contain HTML, scripts, database keywords and special characters.</param>
/// <returns>The stripped, HTML-encoded and trimmed text; an empty string for null input.</returns>
public string NoHtml(string Htmlstring)
{
if (Htmlstring== null)
{
return"";
}
else
{
// remove <script> ... </script> blocks
Htmlstring = Regex.Replace(Htmlstring,@"<script[^>]*?>.*?</script>","", RegexOptions.IgnoreCase);
// remove HTML tags (anything between < and >)
Htmlstring = Regex.Replace(Htmlstring,@"<(.[^>]*)>","", RegexOptions.IgnoreCase);
// drop a line break together with the whitespace that follows it
Htmlstring = Regex.Replace(Htmlstring,@"([\r\n])[\s]+","", RegexOptions.IgnoreCase);
// comment terminators first, then everything from a comment opener to the end of the line
Htmlstring = Regex.Replace(Htmlstring,@"-->","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"<!--.*","", RegexOptions.IgnoreCase);
// decode a handful of named/numeric entities back to characters (HtmlEncode below re-encodes them)
Htmlstring = Regex.Replace(Htmlstring,@"&(quot|#34);","\"", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(amp|#38);","&", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(lt|#60);","<", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(gt|#62);",">", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(nbsp|#160);"," ", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(iexcl|#161);","\xa1", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(cent|#162);","\xa2", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(pound|#163);","\xa3", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,@"&(copy|#169);","\xa9", RegexOptions.IgnoreCase);
// any other numeric entity is dropped, not decoded
Htmlstring = Regex.Replace(Htmlstring,@"&#(\d+);","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"xp_cmdshell","", RegexOptions.IgnoreCase);
// remove database-related words; order matters ("delete from" and "drop table" run before "delete" and "drop").
// Each pattern is a plain substring, so "and"/"or"/"net" also hit words such as "android", "for", "internet".
Htmlstring = Regex.Replace(Htmlstring,"select","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"insert","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"delete from","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"count''","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"drop table","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"truncate","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"asc","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"mid","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"char","", RegexOptions.IgnoreCase);
// second xp_cmdshell pass; it can only matter if the removals above joined text into a new occurrence
Htmlstring = Regex.Replace(Htmlstring,"xp_cmdshell","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"exec master","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"net localgroup administrators","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"and","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"net user","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"or","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"net","", RegexOptions.IgnoreCase);
// "*" is a regex quantifier, presumably why this line is commented out; it is removed with String.Replace below
//Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"-","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"delete","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"drop","", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring,"script","", RegexOptions.IgnoreCase);
// special characters, removed with literal String.Replace
Htmlstring = Htmlstring.Replace("<","");
Htmlstring = Htmlstring.Replace(">","");
Htmlstring = Htmlstring.Replace("*","");
// every "-" was already removed by the regex above and nothing since can create one, so this is a no-op
Htmlstring = Htmlstring.Replace("-","");
Htmlstring = Htmlstring.Replace("?","");
// single quotes are doubled rather than removed
Htmlstring = Htmlstring.Replace("'","''");
Htmlstring = Htmlstring.Replace(",","");
Htmlstring = Htmlstring.Replace("/","");
Htmlstring = Htmlstring.Replace(";","");
// no "*" can remain after the Replace("*","") above, so this is a no-op
Htmlstring = Htmlstring.Replace("*/","");
Htmlstring = Htmlstring.Replace("\r\n","");
// System.Web: HttpContext.Current is null outside an ASP.NET request, so this line throws NullReferenceException there
Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
return Htmlstring;
}
}
5.
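/// <summary>
/// Reports whether a string contains any entry from a fixed list of SQL and
/// shell fragments. The check is a case-insensitive substring match with no
/// word boundaries, so ordinary words containing "or" or "and" (for example
/// "password" or "for") are reported as bad words. It is a blocklist
/// heuristic, not a substitute for parameterized queries.
/// </summary>
/// <param name="str">The string to inspect.</param>
/// <returns>True if any fragment is found; otherwise false.</returns>
/// <exception cref="ArgumentNullException">Thrown by Regex.IsMatch when <paramref name="str"/> is null.</exception>
public static bool CheckBadWord(string str)
{
    // Same fragment list as Filter. "net localgroup administrators" is spelled with the space used by
    // NoHtml on this page; the listing's "netlocalgroup" could not match the command it names.
    const string pattern = @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|net user|or|and";
    return Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase);
}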
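/// <summary>
/// Removes every occurrence of a fixed list of SQL and shell fragments from a
/// string. Matching is case-sensitive, single-pass and substring-based (no
/// word boundaries), so "or" and "and" are also removed from ordinary words.
/// Blocklist removal is not a substitute for parameterized queries.
/// </summary>
/// <param name="str">The string to filter; null is treated as an empty string, as in NoHtml.</param>
/// <returns>The string with all listed fragments removed.</returns>
public static string Filter(string str)
{
    // Consistent with NoHtml on this page: null yields "" instead of a NullReferenceException.
    if (str == null)
    {
        return string.Empty;
    }
    // Literal fragments, applied in order. The listing carried regex escapes ("count\\(") copied from
    // CheckBadWord's pattern; String.Replace is literal, so those entries could never match "count(" etc.
    // "net localgroup administrators" is spelled with the space used by NoHtml on this page.
    string[] fragments =
    {
        "select", "insert", "delete", "from", "count(", "drop table", "update", "truncate",
        "asc(", "mid(", "char(", "xp_cmdshell", "exec master", "net localgroup administrators",
        "net user", "or", "and",
    };
    foreach (string fragment in fragments)
    {
        str = str.Replace(fragment, "");
    }
    return str;
}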