如题,下面是代码:
using System;
using System.Text;namespace HuaXiaTG.WebUI
{
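/// <summary>
/// A sample class to clean the input into web pages.
/// </summary>
/// <remarks>
/// Only the characters handled in <see cref="InputText"/> are touched; everything else
/// (including '&amp;') is passed through, so this is a minimal HTML-encoding helper rather
/// than a general one (System.Web's HttpUtility.HtmlEncode covers the full set).
/// It is not a defence for data that reaches a database: numeric fields should be parsed
/// with int.TryParse / double.TryParse and every query should use parameters regardless
/// of what this method returns.
/// </remarks>
public sealed class CleanString
{
    /// <summary>
    /// Trims, truncates and HTML-encodes a string before it is echoed into a page.
    /// </summary>
    /// <param name="inputString">Raw text; null or empty yields an empty string.</param>
    /// <param name="maxLength">Maximum number of characters kept after trimming.</param>
    /// <returns>The cleaned text; never null.</returns>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="maxLength"/> is negative.</exception>
    public static string InputText(string inputString, int maxLength)
    {
        // The original let Substring throw for a negative length; fail early with the same type.
        if (maxLength < 0)
        {
            throw new ArgumentOutOfRangeException("maxLength", "maxLength must not be negative.");
        }

        // Null or blank input cleans to an empty string rather than throwing.
        if (string.IsNullOrEmpty(inputString))
        {
            return string.Empty;
        }

        inputString = inputString.Trim();

        // Chop the string in case the client-side max length fields are bypassed.
        if (inputString.Length > maxLength)
        {
            inputString = inputString.Substring(0, maxLength);
        }

        StringBuilder retVal = new StringBuilder(inputString.Length);

        // Encode the characters that would let the text close an attribute or open a tag,
        // in case the regular-expression validators are changed. The forum rendering had
        // decoded these entities to the bare characters, turning the cases into no-ops.
        foreach (char c in inputString)
        {
            switch (c)
            {
                case '"':
                    retVal.Append("&quot;");
                    break;
                case '<':
                    retVal.Append("&lt;");
                    break;
                case '>':
                    retVal.Append("&gt;");
                    break;
                case '\'':
                    // Single quotes are dropped outright; the original did this with a
                    // second Replace("'", "") pass over the builder.
                    break;
                default:
                    retVal.Append(c);
                    break;
            }
        }

        return retVal.ToString();
    }
}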
}
过滤了这些字符,就万事 OK 了吗?对数字型的怎么办?
using System.Text;namespace HuaXiaTG.WebUI
{
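/// <summary>
/// A sample class to clean the input into web pages.
/// </summary>
/// <remarks>
/// Only the characters handled in <see cref="InputText"/> are touched; everything else
/// (including '&amp;') is passed through, so this is a minimal HTML-encoding helper rather
/// than a general one (System.Web's HttpUtility.HtmlEncode covers the full set).
/// It is not a defence for data that reaches a database: numeric fields should be parsed
/// with int.TryParse / double.TryParse and every query should use parameters regardless
/// of what this method returns.
/// </remarks>
public sealed class CleanString
{
    /// <summary>
    /// Trims, truncates and HTML-encodes a string before it is echoed into a page.
    /// </summary>
    /// <param name="inputString">Raw text; null or empty yields an empty string.</param>
    /// <param name="maxLength">Maximum number of characters kept after trimming.</param>
    /// <returns>The cleaned text; never null.</returns>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="maxLength"/> is negative.</exception>
    public static string InputText(string inputString, int maxLength)
    {
        // The original let Substring throw for a negative length; fail early with the same type.
        if (maxLength < 0)
        {
            throw new ArgumentOutOfRangeException("maxLength", "maxLength must not be negative.");
        }

        // Null or blank input cleans to an empty string rather than throwing.
        if (string.IsNullOrEmpty(inputString))
        {
            return string.Empty;
        }

        inputString = inputString.Trim();

        // Chop the string in case the client-side max length fields are bypassed.
        if (inputString.Length > maxLength)
        {
            inputString = inputString.Substring(0, maxLength);
        }

        StringBuilder retVal = new StringBuilder(inputString.Length);

        // Encode the characters that would let the text close an attribute or open a tag,
        // in case the regular-expression validators are changed. The forum rendering had
        // decoded these entities to the bare characters, turning the cases into no-ops.
        foreach (char c in inputString)
        {
            switch (c)
            {
                case '"':
                    retVal.Append("&quot;");
                    break;
                case '<':
                    retVal.Append("&lt;");
                    break;
                case '>':
                    retVal.Append("&gt;");
                    break;
                case '\'':
                    // Single quotes are dropped outright; the original did this with a
                    // second Replace("'", "") pass over the builder.
                    break;
                default:
                    retVal.Append(c);
                    break;
            }
        }

        return retVal.ToString();
    }
}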
}
过滤了这些字符,就万事 OK 了吗?对数字型的怎么办?
retVal.Replace("'", "");
}
可能有点用
PetShop 吧,很多教科书也都引用该方法。
int.Parse()、double.Parse() 等等。
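/// <summary>
/// Removes a fixed set of characters from a string (legacy "bad character" filter).
/// </summary>
/// <remarks>
/// Stripping characters is lossy — legitimate input such as O'Brien or a question
/// mark is silently altered — and it does not make a string safe to concatenate into
/// SQL. Use parameterized commands for that, and parse numeric fields with
/// int.TryParse / double.TryParse instead of filtering them as text.
/// </remarks>
/// <param name="strChar">Original string; null is treated like a blank string.</param>
/// <returns>The trimmed string with the characters ' * ? ( ) &lt; = removed; never null.</returns>
public static string ReplaceBadChar(string strChar)
{
    // The original dereferenced strChar unguarded, so null threw NullReferenceException;
    // treat it like blank input instead.
    if (strChar == null || strChar.Trim() == "")
    {
        return "";
    }

    // Same characters, same order, as the original chain of Replace calls.
    string[] badChars = { "'", "*", "?", "(", ")", "<", "=" };
    foreach (string bad in badChars)
    {
        strChar = strChar.Replace(bad, "");
    }

    return strChar.Trim();
}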