1
/// <summary>
2
/// 过滤SQL注入
3 /// </summary>
4 /// <param name="strSQL"></param>
5
/// <returns></returns>
6
public static bool CheckSQLInjection(string strSQL)
7 {
8 if (string.IsNullOrEmpty(strSQL))
9
{
10 return true;
11
}
12 else
13 {
14 Regex RegExpression = new Regex(@"\s");
15 strSQL = RegExpression.Replace(strSQL.Trim().Trim().ToLower().Replace("%20", " "), " ");
16 string Pattern = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";
17
18 if (Regex.IsMatch(strSQL, Pattern))
19 {
20 return false;
21 }
22 else
23 {
24 return true;
25 }
26 }
27 }
/// <summary>
2
/// 过滤SQL注入3
/// </summary>4
/// <param name="strSQL"></param>5
/// <returns></returns>6
public static bool CheckSQLInjection(string strSQL)7
{
8
if (string.IsNullOrEmpty(strSQL))9
{
10
return true;11
}12
else13
{14
Regex RegExpression = new Regex(@"\s");15
strSQL = RegExpression.Replace(strSQL.Trim().Trim().ToLower().Replace("%20", " "), " ");16
string Pattern = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";17
18
if (Regex.IsMatch(strSQL, Pattern))19
{20
return false;21
}22
else23
{24
return true;25
}26
}27
}