// Sequential, case-sensitive substring deletion over a fixed blacklist. Order matters because each
// Replace sees the output of the previous one (here "%20" is stripped before the lone "%").
// This only deletes text: string.Replace(string, string) matches ordinally, so an upper-case
// "SELECT" passes through untouched, and deleting a token can leave new text behind. It is not a
// substitute for parameterized SQL; at most it is defence in depth.
string[] strippedTokens = new string[]
{
    ";", "*", "'", "&", " ", "%20", "--", "==", "<", ">", "%",
    "nchar", "select", "update", "insert", "create", "drop", "delete",
};
foreach (string token in strippedTokens)
{
    str = str.Replace(token, "");
}
我自己一直是这么写的，希望对你有启发。
#region 过滤字符
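/// <summary>
/// Strips a fixed, case-sensitive blacklist of substrings from <paramref name="param"/> and
/// doubles single quotes. This is deletion-based filtering only: it does not validate or encode
/// the input, matching is ordinal and case-sensitive (an upper-case "SELECT" is not touched), and
/// deleting one token can leave new text behind. It is not a substitute for parameterized queries
/// (SqlParameter) or an allow-list; treat it as defence in depth at most. Adjust the token list
/// to the context in which it is used.
/// </summary>
/// <param name="param">The raw input string to filter; null is treated as empty.</param>
/// <returns>The filtered string, or <see cref="string.Empty"/> when <paramref name="param"/> is null.</returns>
public static string CheckSaftParam(string param)
{
    // A null argument previously threw NullReferenceException; an empty string is the safe result.
    if (param == null)
    {
        return string.Empty;
    }

    // Replacements run sequentially, so a token must be removed before any of its substrings:
    // "exec%20master.dbo.xp_cmdshell" before "xp_cmdshell", and "%20" before "%". In the original
    // order those two entries could never match because their substring had already been stripped.
    // Apart from those two moves the original order is kept.
    string[] removedTokens = new string[]
    {
        "exec%20master.dbo.xp_cmdshell",
        "net user",
        "xp_cmdshell",
        "/add",
        "net localgroup administrators",
        "select",
        "insert",
        "delete",
        "drop",
        "truncate",
        "from",
        "%20",
        "%",
    };

    foreach (string token in removedTokens)
    {
        param = param.Replace(token, "");
    }

    // Doubling the single quote is the only non-deleting replacement (the SQL string-literal
    // escape). None of the tokens above contain a quote, so doing it last is equivalent to the
    // original position.
    return param.Replace("'", "''");
}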
#endregion