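/// <summary>
/// Heuristic check for SQL-injection-like content in <paramref name="strSQL"/>.
/// The input is normalised (trimmed, lower-cased with the invariant culture,
/// "%20" turned into a space, every whitespace character turned into a single
/// space) and then tested against a fixed keyword/character blacklist.
/// </summary>
/// <remarks>
/// This is a keyword blacklist, not a parser: treat it as a defence-in-depth
/// heuristic only. It does not replace parameterised queries, which remain the
/// reliable protection, and it produces false positives on ordinary text
/// (any ':' or apostrophe, a plain word followed by " or "). Only "%20" is
/// unescaped; other URL encodings are left as-is. Lower-casing is
/// culture-invariant so the keyword match does not depend on the thread
/// culture (e.g. Turkish casing of 'I').
/// </remarks>
/// <param name="strSQL">Untrusted input to inspect; may be null.</param>
/// <returns>
/// <c>true</c> if the input is null/empty or matches the blacklist (i.e. the
/// caller should reject it); otherwise <c>false</c>.
/// </returns>
public static bool CheckSQLInjection(string strSQL)
{
    // Null/empty is reported as "reject" by the existing contract; kept as-is.
    if (string.IsNullOrEmpty(strSQL))
    {
        return true;
    }

    // Blacklisted keywords/characters. Several entries end in a space, which
    // is why whitespace is normalised to single spaces before matching.
    const string Pattern = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";

    // ToLowerInvariant (not ToLower) so the result is independent of the
    // current culture; "%20" is unescaped so URL-encoded spaces are visible
    // to the space-terminated keywords above.
    string normalised = strSQL.Trim().ToLowerInvariant().Replace("%20", " ");

    // Each whitespace character (tab, newline, ...) becomes exactly one space;
    // runs are deliberately not collapsed, matching the previous behaviour.
    // The static Regex methods use the runtime's regex cache, so neither
    // pattern is recompiled on every call.
    normalised = Regex.Replace(normalised, @"\s", " ");

    return Regex.IsMatch(normalised, Pattern);
}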