function isSQL(st)
{
var in_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
var arrStr = in_str.split('|');
var l = arrStr.length;
for(var i = 0; i < l; i++)
{
if(st.indexOf(arrStr[i]) >= 0)
return true;
}
return false;
}
public static bool isSQL(string str)
{
string in_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
string[] in_sql = in_str.Split('|');
for (int i = 0; i < in_sql.Length; i++)
{
if (str.IndexOf(in_sql[i]) >= 0)
return true;//存在sql注入
}
return false;
}