RobyRen

成长历程,一步一个脚印!

SQL 注入:替换输入字符

注:下面的关键字替换只能作为辅助手段,它会改动正常文本,也无法覆盖所有注入写法;防止 SQL 注入应优先使用参数化查询。

  #region 字符串过滤
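        /// <summary>
        /// Lower-cases the input and strips single quotes, "--" and a fixed list of SQL keywords from it.
        /// </summary>
        /// <param name="str">Text to filter; may be null.</param>
        /// <returns>The filtered, lower-cased text, or null when <paramref name="str"/> is null.</returns>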
        public static string repstr(string str)
        {
            if (str != null)
            {
                str = str.ToLower().Replace("'", "");
                str = str.ToLower().Replace("truncate", "");
                str = str.ToLower().Replace("char", "");
                str = str.ToLower().Replace("declare", "");
                str = str.ToLower().Replace("join", "");
                str = str.ToLower().Replace("and", "");
                str = str.ToLower().Replace("chr", "");
                str = str.ToLower().Replace("mid", "");
                str = str.ToLower().Replace("master", "");
                str = str.ToLower().Replace("delete", "");
                str = str.ToLower().Replace("drop", "");
                str = str.ToLower().Replace("select", "");
                str = str.ToLower().Replace("update", "");
                str = str.ToLower().Replace("insert", "");

       str = str.ToLower().Replace("--","");
            }
            return str;
        }
        #endregion

 

posted on 2010-01-29 10:50  イモツホヌ  阅读(364)  评论(0)    收藏  举报
