asp.net的sql防注入 和去除html标记的函数
来源:互联网 发布:淘宝怎么上咸鱼 编辑:程序博客网 时间:2024/05/16 01:04
// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
/// <returns>已经去除标记后的文字</returns>
public static string NoHTML(string Htmlstring)
{
if (Htmlstring == null)
{
return "";
}
else
{
//删除脚本
Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
//删除HTML
Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
//删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);
//Htmlstring = Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);
//Htmlstring = Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);
//特殊的字符
Htmlstring = Htmlstring.Replace("<", "");
Htmlstring = Htmlstring.Replace(">", "");
Htmlstring = Htmlstring.Replace("*", "");
Htmlstring = Htmlstring.Replace("-", "");
Htmlstring = Htmlstring.Replace("?", "");
Htmlstring = Htmlstring.Replace(",", "");
Htmlstring = Htmlstring.Replace("/", "");
Htmlstring = Htmlstring.Replace(";", "");
Htmlstring = Htmlstring.Replace("*/", "");
Htmlstring = Htmlstring.Replace("\r\n", "");
Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
return Htmlstring;
}
}
- asp.net的sql防注入 和去除html标记的函数
- asp.net防SQL注入的安全措施
- 简单的ASP.net防SQL注入
- 简单的ASP.net防SQL注入
- 简单的ASP.net防SQL注入
- 简单的ASP.net防SQL注入
- asp.net的sql防注入
- asp.net防SQL注入的安全措施
- ASP.NET 去除HTML标记 函数
- asp.net防SQL/JS注入攻击:过滤标记
- ASP.NET 去除所有HTML标记的方法
- ASP.net简单的防SQL注入代码
- ASP.net简单的防SQL注入代码
- ASP.net简单的防SQL注入代码
- asp.net(C#)防sql注入组件的实现代码
- asp.net防注入的两个自定义函数
- asp.net防注入的两个自定义函数
- ASP.NET 防注入的两个通用函数
- 数据结构
- 二维数组遍历输出(3种方法)(1)下标方法,(2)列指针方法,(3)行指针方法;
- 当程序崩溃的时候怎么办 Part-2
- flex中自定义toolTip组件,以及flex中的checkBox组件奇特现象
- java遇到的异常
- asp.net的sql防注入 和去除html标记的函数
- ucos-ii中OSTaskSuspend(INT8U prio)任务挂起函数中的 OS_PRIO_SELF注释
- java设计模式_Builder模式
- 对文件夹的操作SHFileOperation()的使用
- ubuntu 12.04LTS + wine 1.5上安装&使用PL/SQL Developer-已经相当完美
- 12月26日iframe执行
- 【iOS游戏开发】icon那点事 之 图标大小查询(一)
- 关于iOS6.0 屏幕旋转的问题
- Ubuntu 防火墙配置