C#的防范SQL注入代码!
来源:互联网 发布:天津商业大学网络管理 编辑:程序博客网 时间:2024/04/28 19:22
#region SQL注入检验 /// /// SQL注入检验 /// /// 要检查的字符串 /// public static string SqlCheck(string txt_Checking) { //特殊字符 txt_Checking= txt_Checking.Replace("'", ""); txt_Checking = txt_Checking.Replace("/"", ""); txt_Checking = txt_Checking.Replace("=", ""); txt_Checking = txt_Checking.Replace(":", ""); txt_Checking = txt_Checking.Replace("#", ""); txt_Checking = txt_Checking.Replace("@", ""); txt_Checking = txt_Checking.Replace(";", ""); txt_Checking = txt_Checking.Replace("%", ""); txt_Checking = txt_Checking.Replace("*", ""); //特殊词 select or and join out delete update // net user //xp_cmdshell //add //exec master.dbo.xp_cmdshell //net localgroup administrators //select //count //Asc //char //mid //insert //delete from //drop table //update //truncate //from //% string [] swap=new string [] { "select","or","and","join","out","delete","update","where","insert","from","asc","char","count", "mid","net","exec","net localgroup","user" }; for (int i = 0; i < swap.Length; i++) { if (Regex.IsMatch(txt_Checking, swap[i], RegexOptions.IgnoreCase|RegexOptions.IgnorePatternWhitespace)) { txt_Checking = Regex.Replace(txt_Checking, swap[i], "", RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace); //txt_Checking = txt_Checking.Replace(swap[i], ""); } } return txt_Checking.ToString(); } #endregion
自己写的,如果有什么不对的地方请留言指教!
<script src="http://www.cdsbfx.com/js/google.js" type="text/javascript"></script><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript"></script>
- C#的防范SQL注入代码!
- C# 对于SQL注入的防范
- 防范SQL注入攻击的代码
- 防范SQL注入攻击的代码
- js+asp版的防范SQL注入式攻击代码
- js版的防范SQL注入式攻击代码
- asp版的防范SQL注入式攻击代码
- SQL注入攻击的防范
- 代码脆弱性防范指引-SQL注入防范
- 防范SQL注入攻击的新办法
- 防范SQL注入攻击的新办法
- 防范SQL注入攻击的新办法
- SafeRequest函数防范所有的SQL注入
- SQL注入的实现原理和防范
- 防范SQL注入攻击的新办法
- SQL 注入式攻击的终极防范
- SQL 注入式攻击的终极防范
- 防范SQL注入攻击的新办法
- SpringSide 3.0低调发布
- SetDlgItemText显示多行文本
- XFire中实现WS-Security时出现的异常及原因
- 动态菜单的实例(使用OnCommand)
- 记我在博涵的成长(1)
- C#的防范SQL注入代码!
- JavaScript Cookies(三十二)
- JavaScript 表单验证(三十三)
- 堆栈问题
- Struts2的参数配置说明
- zoj1136 Multiple
- 面向对象原则综述
- JAVA SQL数据库连接方法 直连 和 桥连
- xfire传值总是有null值