



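/// <summary>
/// Filters a string before it is concatenated into a SQL statement: every single
/// quote is doubled and a fixed set of characters is removed.
/// </summary>
/// <remarks>
/// This is a deny-list filter and must not be the only defence against SQL injection.
/// Doubling quotes only helps when the result is placed inside a single-quoted string
/// literal; a value spliced into a numeric or identifier position is not protected,
/// and escaping rules differ between database engines. Prefer parameterized commands
/// (command parameters instead of string concatenation) wherever the caller can use
/// them. The filter is also lossy: spaces, hyphens, colons and the other listed
/// characters are deleted, so legitimate data such as names, dates or URLs is altered.
/// </remarks>
/// <param name="Content">Raw text to filter; <c>null</c> is treated as an empty string.</param>
/// <returns>
/// The filtered text, or an empty string when <paramref name="Content"/> is
/// <c>null</c> or empty.
/// </returns>
public static string SafeSQL(string Content)
{
    // A null argument used to throw NullReferenceException on the first Replace call.
    // Concatenating null into a string yields nothing, so an empty result matches what
    // the caller would have built anyway.
    if (string.IsNullOrEmpty(Content))
    {
        return string.Empty;
    }

    // Double each single quote so it is read as a literal quote inside a
    // single-quoted SQL string instead of terminating it.
    string filtered = Content.Replace("'", "''");

    // Characters that are dropped outright. None of them is a single quote, so the
    // order relative to the doubling step above does not affect the result.
    foreach (string stripped in new[] { "-", "*", " ", "\"", "[", "]", "%", ";", ":", "+", "{", "}" })
    {
        filtered = filtered.Replace(stripped, "");
    }

    return filtered;
}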
-- @remote_ip is presumably an IP address (the original author's guess), which has no
-- legitimate use for a single quote, so quotes are removed outright.
SET @remote_ip = REPLACE(@remote_ip, '''', '');

-- For the remaining values, double every single quote so the text stays inside a
-- single-quoted string literal when it is concatenated into a statement.
-- NOTE(review): the statement that consumes these variables is not visible here. If
-- it is dynamic SQL built by concatenation, passing the values as parameters through
-- sp_executesql removes the need for escaping. Doubling quotes is not sufficient on
-- its own: each variable must be declared wide enough to hold the lengthened text,
-- because silent truncation can cut an escaped pair in half. Confirm the declarations.
SET @user_id = REPLACE(@user_id, '''', '''''');
SET @view_page = REPLACE(@view_page, '''', '''''');
SET @ref_page = REPLACE(@ref_page, '''', '''''');
SET @ref_ad = REPLACE(@ref_ad, '''', '''''');