.NET中SQL注入和HTML过滤的问题! 第一次自己做网站,需要过滤掉用户输入信息中的HTML代码、WORD文本的样式,还有一些SQL关键字,怎么做呢?越详细越好! 解决方案 » (审阅注:过滤 SQL 关键字或给引号加倍都挡不住注入,数据库访问一律用 SqlParameter 参数化查询;HTML 应在输出到页面时做编码,下面的函数只适合清洗用于显示的文本。) /**/ /// <summary>/// 去除HTML标记/// </summary>/// <param name="NoHTML">包括HTML的源码 </param>/// <returns>已经去除后的文字</returns>public static string NoHTML(string Htmlstring){//删除脚本Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);//删除HTMLHtmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase); Htmlstring.Replace("<", "");Htmlstring.Replace(">", "");Htmlstring.Replace("\r\n", "");Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();return Htmlstring;} 这个也只能去除HTML中的一部分代码,其他的HTML代码、SQL和WORD格式怎么去掉呢?
sql 注入过滤public static string InputText(string text, int maxLength) { text = Regex.Replace(text, "[\\s]{2,}", " "); text = Regex.Replace(text, "( <[b|B][r|R]/*>)+|( <[p|P](.|\\n)*?>)", "\n"); text = Regex.Replace(text, "(\\s*&[n|N][b|B][s|S][p|P];\\s*)+", " "); text = Regex.Replace(text, " <(.|\\n)*?>", string.Empty); text = text.Replace("'", "''"); return text; } (审阅注:这里的 text.Replace("'", "''") 只是把单引号加倍,并不是防注入措施——数字型参数根本不带引号,字符串在别处被截断后也会留下落单的引号;另外 maxLength 参数在函数里没有用到。正确做法是通过 SqlCommand.Parameters 传值,过滤函数只负责清理显示内容。) http://topic.csdn.net/u/20090708/09/b78444ee-9081-4ff7-8aa5-ba6f9b1d9fdc.html html=Regex.Replace(html,@"<[^>]+>", " ", RegexOptions.IgnoreCase); 我现在非常想知道如何去掉WORD样式!!!!
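/// <summary>
/// Strips HTML from untrusted user input: removes script blocks, tags and
/// comments, decodes a handful of common entities back to characters, then
/// HTML-encodes whatever is left so it can be placed in an HTML element body.
/// </summary>
/// <param name="Htmlstring">Source text that may contain HTML markup.</param>
/// <returns>
/// The text with markup removed and HTML-encoded (so any remaining
/// <c>&lt;</c>, <c>&gt;</c>, <c>&amp;</c> and quotes come back as entities),
/// trimmed; an empty string for null or empty input.
/// </returns>
/// <remarks>
/// NOTE(review): the final encoding only makes the result safe inside an HTML
/// element body. It is not a defense for attribute, JavaScript or URL
/// contexts, and it has nothing to do with SQL - encode at the output sink
/// and use parameterized queries for the database.
/// </remarks>
public static string NoHTML(string Htmlstring)
{
    if (string.IsNullOrEmpty(Htmlstring))
    {
        return string.Empty;
    }

    // Remove whole <script>...</script> blocks. Singleline lets .*? cross
    // newlines; without it a multi-line script lost only its two tags and
    // its body survived into the output as visible text.
    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);
    // Remove every remaining tag.
    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "",
        RegexOptions.IgnoreCase);
    // A line break followed by whitespace is dropped entirely.
    Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "",
        RegexOptions.IgnoreCase);
    // Comments: drop the closer first, then everything from an opener to
    // the end of that line.
    Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
    // Decode the common named/numeric entities to their characters; the
    // encode at the end turns them back into entities.
    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3",
        RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9",
        RegexOptions.IgnoreCase);
    // Any other numeric entity is simply dropped.
    Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "",
        RegexOptions.IgnoreCase);

    // The original also called Htmlstring.Replace("<", ""), Replace(">", "")
    // and Replace("\r\n", "") but discarded the results (strings are
    // immutable), so those statements never did anything; the encode below
    // already neutralises any angle brackets that remain.
    // HttpUtility needs no live request, unlike HttpContext.Current, which is
    // null (and throws) when called from a background thread or a unit test.
    return HttpUtility.HtmlEncode(Htmlstring).Trim();
}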
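/// <summary>
/// Normalises a piece of user input for storage: collapses runs of
/// whitespace, turns &lt;br&gt; and &lt;p&gt; tags into newlines, strips every
/// other tag and &amp;nbsp;, truncates to <paramref name="maxLength"/> and
/// finally doubles single quotes.
/// </summary>
/// <param name="text">Raw input; null or empty yields an empty string.</param>
/// <param name="maxLength">
/// Maximum number of characters kept, measured before quote doubling;
/// 0 or a negative value means no limit. The original ignored this parameter.
/// </param>
/// <returns>The cleaned text.</returns>
/// <remarks>
/// WARNING(review): doubling single quotes is NOT SQL-injection protection.
/// It is kept only because existing callers concatenate this result into SQL
/// text. Numeric parameters carry no quotes at all, and a value truncated by
/// the database after the quotes were doubled can end in a lone quote. Pass
/// values through SqlCommand.Parameters and drop this escaping once callers do.
/// </remarks>
public static string InputText(string text, int maxLength)
{
    if (string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    // Two or more consecutive whitespace characters become a single space.
    text = Regex.Replace(text, "[\\s]{2,}", " ");
    // Line-breaking tags become newlines. The original patterns required a
    // space before '<', so a tag at the start of the input or right after a
    // word was never matched and survived into the output.
    text = Regex.Replace(text, @"(<br\s*/?>)+|(<p[\s\S]*?>)", "\n",
        RegexOptions.IgnoreCase);
    // &nbsp; together with surrounding whitespace becomes one space.
    text = Regex.Replace(text, "(\\s*&[n|N][b|B][s|S][p|P];\\s*)+", " ");
    // Every other tag is dropped.
    text = Regex.Replace(text, @"<[\s\S]*?>", string.Empty);

    // Truncate BEFORE escaping: cutting after the quotes are doubled could
    // split a '' pair and leave an unbalanced quote behind.
    if (maxLength > 0 && text.Length > maxLength)
    {
        text = text.Substring(0, maxLength);
    }

    // Legacy quote doubling for callers that still build SQL by concatenation.
    text = text.Replace("'", "''");
    return text;
}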
http://topic.csdn.net/u/20090708/09/b78444ee-9081-4ff7-8aa5-ba6f9b1d9fdc.html