1.
2.
3.
/// 過濾SQL字符�。/// </summary>/// <param name="str">要過濾SQL字符的字符串。</param>/// <returns>已過濾掉SQL字符的字符串���。</returns>public static string ReplaceSQLChar(string str){ if (str == String.Empty) return String.Empty; str = str.Replace("'", "‘"); str = str.Replace(";", "�����;"); str = str.Replace(",", ","); str = str.Replace("?", "?"); str = str.Replace("<", "<"); str = str.Replace(">", ">"); str = str.Replace("(", "("); str = str.Replace(")", ")"); str = str.Replace("@", "@"); str = str.Replace("=", "="); str = str.Replace("+", "+"); str = str.Replace("*", "*"); str = str.Replace("&", "&"); str = str.Replace("#", "#"); str = str.Replace("%", "%"); str = str.Replace("$", "¥"); return str;}4.
/// <summary>/// 過濾標記/// </summary>/// <param name="NoHTML">包括HTML�,腳本���,數據庫關鍵字���,特殊字符的源碼 </param>/// <returns>已經去除標記后的文字</returns>public string NoHtml(string Htmlstring){ if (Htmlstring == null) { return ""; } else { //刪除腳本 Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase); //刪除HTML Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"([/r/n])[/s]+", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "/"", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "/xa1", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "/xa2", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "/xa3", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "/xa9", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, @"&#(/d+);", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase); //刪除與數據庫相關的詞 Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase); //Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "-", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase); Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase); //特殊的字符 Htmlstring = Htmlstring.Replace("<", ""); Htmlstring = Htmlstring.Replace(">", ""); Htmlstring = Htmlstring.Replace("*", ""); Htmlstring = Htmlstring.Replace("-", ""); Htmlstring = Htmlstring.Replace("?", ""); Htmlstring = Htmlstring.Replace("'", "''"); Htmlstring = Htmlstring.Replace(",", ""); Htmlstring = Htmlstring.Replace("/", ""); Htmlstring = Htmlstring.Replace(";", ""); Htmlstring = Htmlstring.Replace("*/", ""); Htmlstring = Htmlstring.Replace("/r/n", ""); Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim(); return Htmlstring; }}5.
public static bool CheckBadWord(string str){string pattern = @"select|insert|delete|from|count/(|drop table|update|truncate|asc/(|mid/(|char/(|xp_cmdshell|exec master|netlocalgroup administrators|net user|or|and";if (Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase))return true;return false;}public static string Filter(string str){string[] pattern ={ "select", "insert", "delete", "from", "count//(", "drop table", "update", "truncate", "asc//(", "mid//(", "char//(", "xp_cmdshell", "exec master", "netlocalgroup administrators", "net user", "or", "and" };for (int i = 0; i < pattern.Length; i++){str = str.Replace(pattern[i].ToString(), "");}return str;}
