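/// <summary>
/// Returns the deny-list of characters and character sequences that
/// <see cref="CheckSQL"/> looks for in its input.
/// </summary>
/// <remarks>
/// A new array is allocated on every call, so callers cannot change the list
/// seen by other callers.
/// NOTE(review): the list includes very common characters (space, comma,
/// underscore, slash, '@'), so ordinary text such as names, e-mail addresses
/// and paths will be reported as matching. Confirm that this is intended.
/// </remarks>
/// <returns>The deny-list entries, in a fixed order.</returns>
private static string[] StrBadWord()
{
    // The double-quote entry has to be written with an escape ("\"").
    // An unescaped run of three quote characters is not a one-character
    // string literal and does not compile on compilers without raw strings.
    return new string[]
    {
        "'", "\"", ";", "--", ",", "!", "~", "@",
        "$", "%", "^", "/", " ", "_", ">", "<"
    };
}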
/// <summary>
/// Reports whether the input contains any entry of the deny-list returned by
/// StrBadWord().
/// </summary>
/// <remarks>
/// The check is a plain substring match against each deny-list entry.
/// This is an input filter, not an SQL injection defence: a character
/// deny-list does not make string-concatenated SQL safe. Values that reach a
/// query should be passed as bound parameters (parameterized commands)
/// whether or not they pass this check.
/// </remarks>
/// <param name="getKeys">Text to inspect. Null or empty input is reported as clean.</param>
/// <returns>
/// True if the input contains at least one deny-list entry; false if it
/// contains none, or if it is null or empty.
/// </returns>
public static bool CheckSQL(string getKeys)
{
    // Nothing to inspect: treated as "no illegal characters".
    if (string.IsNullOrEmpty(getKeys))
    {
        return false;
    }

    string[] denyList = StrBadWord();
    for (int i = 0; i < denyList.Length; i++)
    {
        // The first match decides the result; the rest of the list is not scanned.
        if (getKeys.Contains(denyList[i]))
        {
            return true;
        }
    }

    return false;
}