C#的防范SQL注入代码!


 

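#region SQL injection check
/// <summary>
/// Removes a fixed set of punctuation characters and SQL/shell keywords from a string.
/// </summary>
/// <remarks>
/// This is a deny-list filter. It is not a sufficient defence against SQL injection on its own:
/// it alters legitimate input (every "or", "and", "from" ... inside ordinary words is removed)
/// and a fixed word list cannot cover every SQL dialect or encoding. Pass user input to the
/// database through parameterized commands and treat this method only as an extra layer.
/// </remarks>
/// <param name="txt_Checking">The string to check. Null is treated as an empty string.</param>
/// <returns>The input with every listed character and keyword removed.</returns>
public static string SqlCheck(string txt_Checking)
{
    // The original dereferenced null and threw; return an empty result instead.
    if (string.IsNullOrEmpty(txt_Checking))
    {
        return string.Empty;
    }

    // Special characters.
    // NOTE(review): the second entry appears on the page as "/"" (which does not compile);
    // it is restored here as an escaped double quote - confirm against the author's file.
    string[] blockedChars = { "'", "\"", "=", ":", "#", "@", ";", "%", "*" };
    for (int i = 0; i < blockedChars.Length; i++)
    {
        txt_Checking = txt_Checking.Replace(blockedChars[i], "");
    }

    // Special words. The author's notes also mention: net user, xp_cmdshell, add,
    // exec master.dbo.xp_cmdshell, net localgroup administrators, drop table, truncate.
    // Not all of those are in the array below.
    // "net localgroup" is listed before "net" so the longer phrase is removed as a whole.
    string[] swap = new string[]
    {
        "select", "or", "and", "join", "out", "delete", "update", "where", "insert", "from", "asc", "char", "count",
        "mid", "net localgroup", "net", "exec", "user"
    };

    // Removing a keyword can join the text on either side of it into another keyword,
    // so a single pass is not enough. Repeat until a full pass changes nothing; every
    // change shortens the string, so the loop always terminates.
    string previous;
    do
    {
        previous = txt_Checking;
        for (int i = 0; i < swap.Length; i++)
        {
            // Regex.Escape plus the absence of IgnorePatternWhitespace makes each entry match
            // literally, including the space in "net localgroup" (the original option caused
            // the regex engine to ignore that space in the pattern).
            txt_Checking = Regex.Replace(txt_Checking, Regex.Escape(swap[i]), "", RegexOptions.IgnoreCase);
        }
    }
    while (txt_Checking != previous);

    return txt_Checking;
}
#endregion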

自己写的,如果有什么不对的地方请留言指教!
