以下针对c#.net
首先添加引用Microsoft.VisualBasic.Dll
引入命名空间using Microsoft.VisualBasic;
使用Replace方法,以下为参数:
Strings.Replace(原字符串的内容,要替换的字段内容,替换后的字段内容,从第几位开始替换(注意默认为1),替换的次数(-1表示所有),是否无视大小写);
例:
public static string cutHtml(string str)
{
str = Strings.Replace(str, "<", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ">", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, """, "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "delete", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "script", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "update", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exec", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "insert", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "object", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "function", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "drop", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "rename", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "mid", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exists", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "alter", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\"", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\'", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ";", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ",", "", 1, -1, CompareMethod.Text);
return str;
}
如果您有更好的防sql注入方法请留言 我将非常感谢
阅读(1337) | 评论(0) | 转发(0) |