Filtering special strings from input boxes to prevent SQL injection
2010-08-20 14:36
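I didn't use to filter strings this way; I saw this method online and it seems OK, so I'm saving it here. However, if someone else wants to display characters like ";", those will need to be replaced as well.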
    /// <summary>
    /// Filters special strings from an input box to prevent SQL injection
    /// </summary>
    /// <param name="strFromText">The string to be filtered</param>
    /// <returns>The filtered string</returns>
    public static string SqlInsertEncode(string strFromText)
    {
        if (!string.IsNullOrEmpty(strFromText))
        {
            // Replace each special character in turn
            strFromText = strFromText.Replace(";", ";");
            strFromText = strFromText.Replace("!", "!");
            strFromText = strFromText.Replace("@", "@");
            strFromText = strFromText.Replace("$", "$");
            strFromText = strFromText.Replace("*", "*");
            strFromText = strFromText.Replace("(", "(");
            strFromText = strFromText.Replace(")", ")");
            strFromText = strFromText.Replace("-", "-");
            strFromText = strFromText.Replace("+", "+");
            strFromText = strFromText.Replace("=", "=");
            strFromText = strFromText.Replace("|", "|");
            strFromText = strFromText.Replace("\\", "\\");
            strFromText = strFromText.Replace("/", "/");
            strFromText = strFromText.Replace(":", ":");
            strFromText = strFromText.Replace("\"", "\"");
            strFromText = strFromText.Replace("'", "'");
            strFromText = strFromText.Replace("<", "<");
            strFromText = strFromText.Replace(" ", " ");
            strFromText = strFromText.Replace(">", ">");
            strFromText = strFromText.Replace(" ", " ");
        }
        return strFromText;
    }
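Added example, not part of the original post: binding the input as a command parameter keeps it out of the SQL text entirely, so no character in the data has to be rewritten before storage or restored for display. The Users table, its columns and the class and method names are hypothetical, and System.Data.SqlClient is assumed to be available (it is built into .NET Framework).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ParameterizedLookup
{
    // Hypothetical schema: Users(UserName NVARCHAR(64), Email NVARCHAR(256)).
    public static SqlCommand BuildFindEmail(SqlConnection conn, string userName)
    {
        // The SQL text is a constant; user input never becomes part of it.
        var cmd = new SqlCommand(
            "SELECT Email FROM Users WHERE UserName = @userName", conn);
        // Typed, length-bounded parameter: the value is sent separately
        // from the statement and is only ever treated as data.
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value =
            (object)userName ?? DBNull.Value;
        return cmd;
    }

    // Full round trip against a real server (needs a valid connection string).
    public static string FindEmail(string connectionString, string userName)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildFindEmail(conn, userName))
        {
            conn.Open();
            return cmd.ExecuteScalar() as string; // null when no row matches
        }
    }

    public static void Main()
    {
        // Constructed sample inputs containing characters the filter targets.
        string[] samples = { "O'Brien", "a@b.com; --", "x' OR '1'='1" };
        foreach (var s in samples)
        {
            // No connection is opened here; we only inspect what would be sent.
            using (var cmd = BuildFindEmail(null, s))
            {
                Console.WriteLine(cmd.CommandText);
                Console.WriteLine("  @userName = [" +
                    cmd.Parameters["@userName"].Value + "]");
            }
        }
    }
}
```

The statement text printed for all three inputs is identical, and each value arrives unchanged in the parameter.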