Chinaunix首页 | 论坛 | 博客
  • 博客访问: 82102
  • 博文数量: 18
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 240
  • 用 户 组: 普通用户
  • 注册时间: 2014-01-22 16:06
文章分类
文章存档

2014年(18)

我的朋友

分类: C#/.net

2014-01-27 17:40:58

以下针对c#.net

首先添加引用Microsoft.VisualBasic.Dll

引入命名空间using Microsoft.VisualBasic;


使用Replace方法,以下为参数:


Strings.Replace(原字符串的内容,要替换的字段内容,替换后的字段内容,从第几位开始替换(注意默认为1),替换的次数(-1表示所有),是否无视大小写);


例:

       public static string cutHtml(string str)

       {


           str = Strings.Replace(str, "<", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, ">", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, """, "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "delete", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "script", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "update", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "exec", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "insert", "", 1, -1, CompareMethod.Text);        

           str = Strings.Replace(str, "object", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "function", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "drop", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "rename", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "mid", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "exists", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "alter", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "\"", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, "\'", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, ";", "", 1, -1, CompareMethod.Text);

           str = Strings.Replace(str, ",", "", 1, -1, CompareMethod.Text);


           return str;

       }

如果您有更好的防sql注入方法请留言 我将非常感谢
阅读(1337) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~