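我只有这个..
/// <summary>
/// Heuristic blacklist check for input that looks like a SQL injection attempt.
/// Returns true when <paramref name="str"/> is null, empty or whitespace-only, or when
/// it contains none of the blacklisted fragments; returns false when a fragment is found.
/// </summary>
/// <param name="str">The string to check; may be null.</param>
/// <returns>true if the string is null, blank, or matches none of the blacklisted fragments; otherwise false.</returns>
/// <remarks>
/// This is a best-effort filter, not a protection mechanism: a keyword blacklist cannot
/// reliably recognise injection, and it also rejects harmless input (the pattern contains
/// a bare ':' and ' or ', so e.g. "10:30" fails the check). Use parameterized SQL or
/// stored procedures for the actual defence; this check is at most an early-rejection
/// or logging aid in front of them.
/// </remarks>
public static bool StringCheck(string str)
{
    // The original dereferenced str (Trim) before testing it for null; test null first.
    if (string.IsNullOrWhiteSpace(str))
    {
        return true;
    }

    // Map URL-encoded spaces and every other whitespace character to a single space so
    // the space-terminated fragments in the pattern ("select ", "update ") still match.
    string normalized = Regex.Replace(str.Replace("%20", " "), @"\s", " ");

    // Blacklist kept verbatim from the original implementation.
    const string pattern = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";

    // Case-insensitive: the original only matched lower-case keywords, so differently
    // cased input passed the check even though it contained the same fragments.
    return !Regex.IsMatch(normalized, pattern, RegexOptions.IgnoreCase);
}
通常我都不用,都是直接用存储过程或则使用带参数的Sql语句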
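/// <summary>
/// Heuristic blacklist check for input that looks like a SQL injection attempt.
/// Returns true when <paramref name="str"/> is null, empty or whitespace-only, or when
/// it contains none of the blacklisted fragments; returns false otherwise.
/// </summary>
/// <param name="str">The string to check; may be null.</param>
/// <returns>true if the string is null, blank, or matches none of the blacklisted fragments; otherwise false.</returns>
/// <remarks>
/// A keyword blacklist is not a substitute for parameterized SQL or stored procedures and
/// also produces false positives: the pattern rejects any ':' and any ' or '. Treat a
/// false result as a reason to reject or log the input, never as proof that a true
/// result is safe to concatenate into a query.
/// </remarks>
public static bool StringCheck(string str)
{
    // Null must be tested before any member call; the original called Trim() first.
    if (string.IsNullOrWhiteSpace(str))
    {
        return true;
    }

    // Normalise URL-encoded spaces, then every whitespace character, to a plain space so
    // the space-terminated fragments in the blacklist can match.
    string spaced = str.Replace("%20", " ");
    spaced = Regex.Replace(spaced, @"\s", " ");

    // Blacklist kept verbatim from the original implementation.
    const string blacklist = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";

    // IgnoreCase so that keyword casing alone does not change the result.
    if (Regex.IsMatch(spaced, blacklist, RegexOptions.IgnoreCase))
    {
        return false;
    }

    return true;
}
通常我都不用,都是直接用存储过程或则使用带参数的Sql语句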