C#程序中防SQL注入的简单字符串替换

// Rewrites the user-supplied value in Acc by applying a fixed list of
// literal substitutions, one after another, in the order given below.
//
// NOTE(review): this is a deny-list filter and should not be the control that
// stops SQL injection. The query that consumes Acc is not shown here, but the
// limits of the filter itself are visible:
//   - String.Replace(string, string) is an ordinal, case-sensitive match, so
//     only the exact spellings listed are touched; most SQL keywords below are
//     listed in lower case only.
//   - Each rule runs once. Rules that delete text (replacement "") join the
//     characters on either side, which can leave behind a match for a rule
//     that has already run.
//   - Legitimate input is silently corrupted: "Sandy" becomes "Sy", and any
//     value containing "like", "mid", "count", "=" or "/" is altered.
//   - The script/object/applet entries concern HTML injection, which is a
//     separate problem and is handled by encoding on output.
// The dependable fix is to pass Acc to the database as a command parameter
// (for example through SqlCommand.Parameters) so the value never becomes part
// of the SQL text. If the field has a restricted alphabet, validate it against
// an allow-list and reject bad input instead of rewriting it.
string[,] substitutions =
{
    // Punctuation and operators.
    { "[", "……" },
    { "]", "……" },
    { "and", "" },       // deleted, not replaced
    { "=", "{" },
    { "<", "}" },
    { ">", "}" },
    { ";", ":" },
    { "'", "’" },
    { "&", "’" },
    { "'", "’" },        // no effect: every ' was already replaced above
    { "--", "’" },
    { "==", "’" },       // no effect: every = was already replaced above
    { "'", "’" },        // no effect (repeat)
    { "'", "’" },        // no effect (repeat)
    { "/", "" },         // deleted, not replaced

    // HTML element names.
    { "script", "" },    // deleted, not replaced
    { "SCRIPT", "‘" },
    { "Script", "’" },
    { "script", "’" },   // second pass: the deletion above can leave a new match
    { "object", "’" },
    { "OBJECT", "’" },
    { "Object", "’" },
    { "object", "’" },   // no effect (repeat)
    { "applet", "’" },
    { "APPLET", "’" },
    { "Applet", "’" },
    { "applet", "’" },   // no effect (repeat)

    // SQL keywords and function names, lower case only.
    { "select", "’" },
    { "execute", "’" },  // must precede "exec"
    { "exec", "’" },
    { "join", "’" },
    { "union", "’" },
    { "where", "’" },
    { "insert", "’" },
    { "delete", "’" },
    { "update", "’" },
    { "like", "’" },
    { "drop", "’" },
    { "create", "’" },
    { "rename", "’" },
    { "count", "’" },
    { "chr", "’" },
    { "mid", "’" },
    { "truncate", "’" },
    { "nchar", "’" },    // must precede "char"
    { "char", "’" },
    { "alter", "z" },
    { "cast", "z" },
    { "exists", "z" },
};

// Order matters: each substitution sees the output of the previous one.
for (int row = 0; row < substitutions.GetLength(0); row++)
{
    Acc = Acc.Replace(substitutions[row, 0], substitutions[row, 1]);
}
