过滤特殊字符的方法
2012-03-15 15:06
1.
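/// <summary>
/// Strips quotes and a short list of SQL keywords from an untrusted string.
/// This is a blacklist filter: only the listed tokens are removed, and each removal
/// runs once, so it is not a substitute for parameterized queries.
/// </summary>
/// <param name="Str">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with single/double quotes and the words delete, update and insert removed.</returns>
public static string FilteSQLStr(string Str)
{
    // The original dereferenced a null argument; return empty instead, as NoHtml does.
    if (string.IsNullOrEmpty(Str))
    {
        return string.Empty;
    }

    string result = Str.Replace("'", "").Replace("\"", "");

    // As rendered on the page the original also replaced "&", "<" and ">" with
    // themselves, which did nothing, so those calls are not reproduced here.

    // Keyword removal used a case-sensitive string.Replace, so "DELETE" passed through.
    // The keywords are removed one after another, in the original order.
    string[] keywords = { "delete", "update", "insert" };
    foreach (string keyword in keywords)
    {
        result = Regex.Replace(result, keyword, "", RegexOptions.IgnoreCase);
    }

    return result;
}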
2.
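#region 过滤 Sql 语句字符串中的注入脚本
/// <summary>
/// Neutralizes a few SQL metacharacters and keywords in a string that is about to be
/// concatenated into a SQL statement. Only the listed tokens are touched; parameterized
/// queries remain the actual control.
/// </summary>
/// <param name="source">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with single quotes doubled, ; ( ) widened to full-width, exec/execute
/// removed, and the xp_ / sp_ / 0x prefixes broken up with a space.</returns>
public static string SqlFilter(string source)
{
    // The original dereferenced a null argument.
    if (string.IsNullOrEmpty(source))
    {
        return string.Empty;
    }

    // A single quote becomes two single quotes.
    source = source.Replace("'", "''");

    // Half-width ; ( ) become their full-width forms so they no longer terminate a
    // statement or open a call. The page rendered these as self-replacements (a no-op);
    // the original comments state the half-width -> full-width intent.
    source = source.Replace(";", "；").Replace("(", "（").Replace(")", "）");

    // The original used case-sensitive Replace for "Exec" and then "Execute"; the second
    // could never match because "Exec" had already been cut out of "Execute". The longer
    // word is listed first so it wins the alternation.
    source = Regex.Replace(source, "execute|exec", "", RegexOptions.IgnoreCase);

    // Break up extended/system stored-procedure prefixes; "$1" keeps the original letter case.
    source = Regex.Replace(source, "([xs])p_", "$1 p_", RegexOptions.IgnoreCase);

    // Break up hex literals ("0x" and, unlike the original, "0X").
    source = Regex.Replace(source, "0(x)", "0 $1", RegexOptions.IgnoreCase);

    return source;
}
#endregion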
3.
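/// <summary>
/// Replaces SQL-significant ASCII punctuation with full-width look-alikes so the text can
/// still be displayed but no longer reads as SQL syntax. Only the listed characters change.
/// </summary>
/// <param name="str">Text to filter; null or empty yields an empty string.</param>
/// <returns>The text with each listed half-width character swapped for its full-width form.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original only compared against String.Empty and dereferenced null.
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }

    // Position i in halfWidth maps to position i in fullWidth. The page rendered most of
    // the original pairs as self-replacements (a no-op); the full-width forms follow the
    // surviving "'"->"‘" and "$"->"¥" pairs and the sibling SqlFilter's stated intent.
    const string halfWidth = "';,?<>()@=+*&#%$";
    const string fullWidth = "‘；，？＜＞（）＠＝＋＊＆＃％¥";

    for (int i = 0; i < halfWidth.Length; i++)
    {
        str = str.Replace(halfWidth[i], fullWidth[i]);
    }

    return str;
}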
4.
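/// <summary>
/// Strips script blocks, HTML tags and comments from a string, decodes a few entities,
/// removes a blacklist of SQL/shell keywords and punctuation, then HTML-encodes the result.
/// The keyword list includes "and", "or", "net" and "-", so ordinary prose is altered as
/// well; the method only suits places where that is acceptable.
/// </summary>
/// <param name="Htmlstring">Source text that may contain HTML, script and SQL fragments; null yields an empty string.</param>
/// <returns>The filtered, HTML-encoded and trimmed text.</returns>
public string NoHtml(string Htmlstring)
{
    if (Htmlstring == null)
    {
        return "";
    }

    // The four passes run in the same order as the original replacement chain.
    Htmlstring = StripMarkup(Htmlstring);
    Htmlstring = DecodeEntities(Htmlstring);
    Htmlstring = StripKeywords(Htmlstring);
    Htmlstring = StripPunctuation(Htmlstring);

    // The original called HttpContext.Current.Server.HtmlEncode, which throws outside an
    // ASP.NET request; System.Net.WebUtility encodes the same way without that dependency.
    return System.Net.WebUtility.HtmlEncode(Htmlstring).Trim();
}

// Removes <script> blocks, tags, whitespace runs after a line break, and HTML comments.
private static string StripMarkup(string text)
{
    string[] patterns =
    {
        @"<script[^>]*?>.*?</script>",
        @"<(.[^>]*)>",
        @"([\r\n])[\s]+",
        @"-->",
        @"<!--.*",
    };
    foreach (string pattern in patterns)
    {
        text = Regex.Replace(text, pattern, "", RegexOptions.IgnoreCase);
    }
    return text;
}

// Decodes the entities the original handled, then drops any digit run followed by ';'
// (the original's "(\d+);" pattern, which also hits plain text such as "10;").
private static string DecodeEntities(string text)
{
    string[][] entities =
    {
        new[] { @"&(quot|#34);", "\"" },
        new[] { @"&(amp|#38);", "&" },
        new[] { @"&(lt|#60);", "<" },
        new[] { @"&(gt|#62);", ">" },
        new[] { @"&(nbsp|#160);", " " },
        new[] { @"&(iexcl|#161);", "\xa1" },
        new[] { @"&(cent|#162);", "\xa2" },
        new[] { @"&(pound|#163);", "\xa3" },
        new[] { @"&(copy|#169);", "\xa9" },
        new[] { @"(\d+);", "" },
    };
    foreach (string[] entity in entities)
    {
        text = Regex.Replace(text, entity[0], entity[1], RegexOptions.IgnoreCase);
    }
    return text;
}

// Removes the keyword blacklist case-insensitively, in the original order. "xp_cmdshell"
// is listed twice as in the original: the removals between the two passes can leave that
// token re-formed in the remaining text, so the second pass is kept rather than dropped.
private static string StripKeywords(string text)
{
    string[] keywords =
    {
        "xp_cmdshell", "select", "insert", "delete from", "count''", "drop table",
        "truncate", "asc", "mid", "char", "xp_cmdshell", "exec master",
        "net localgroup administrators", "and", "net user", "or", "net", "-",
        "delete", "drop", "script",
    };
    foreach (string keyword in keywords)
    {
        text = Regex.Replace(text, keyword, "", RegexOptions.IgnoreCase);
    }
    return text;
}

// Removes the remaining special characters and doubles single quotes, in the original order.
// The original's trailing Replace("*/", "") is omitted: every "*" is already gone by then.
private static string StripPunctuation(string text)
{
    text = text.Replace("<", "").Replace(">", "").Replace("*", "").Replace("-", "").Replace("?", "");
    text = text.Replace("'", "''");
    text = text.Replace(",", "").Replace("/", "").Replace(";", "").Replace("\r\n", "");
    return text;
}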
5.
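/// <summary>
/// Reports whether the text contains one of a fixed list of SQL/shell keywords.
/// A keyword blacklist only detects the listed words; it does not make the text safe for
/// string-built SQL, for which parameterized queries are the control.
/// </summary>
/// <param name="str">Text to inspect; null or empty is reported as clean.</param>
/// <returns>true if any listed keyword occurs as a whole word (case-insensitive); otherwise false.</returns>
public static bool CheckBadWord(string str)
{
    // Regex.IsMatch throws ArgumentNullException on null; treat null as "nothing found".
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }

    // Word-boundary anchored so that "for", "order" or "sand" no longer count as "or"/"and";
    // the function-style tokens keep their "(" suffix instead. The original pattern was a
    // verbatim string broken across two source lines, so its "netlocalgroup\n administrators"
    // alternative could never match; the sibling NoHtml spells it "net localgroup administrators".
    const string pattern =
        @"\b(?:select|insert|delete|from|drop table|update|truncate|xp_cmdshell|exec master|net localgroup administrators|net user|or|and)\b"
        + @"|\b(?:count|asc|mid|char)\(";

    return Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase);
}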
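/// <summary>
/// Removes a fixed list of SQL/shell keywords from the text. Removal is by blacklist and runs
/// once per keyword in list order, so this is a display-side clean-up, not input validation
/// for string-built SQL.
/// </summary>
/// <param name="str">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with every whole-word occurrence of a listed keyword removed (case-insensitive).</returns>
public static string Filter(string str)
{
    // The original dereferenced a null argument.
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }

    // The original fed entries such as "count\\(" to string.Replace, which searched for the
    // literal backslash and so never matched "count(", and it matched "or"/"and" inside
    // ordinary words ("order" became "der"). Each entry is now a regex anchored at word
    // boundaries and applied case-insensitively, in the original order.
    string[] patterns =
    {
        @"\bselect\b", @"\binsert\b", @"\bdelete\b", @"\bfrom\b", @"\bcount\(", @"\bdrop table\b",
        @"\bupdate\b", @"\btruncate\b", @"\basc\(", @"\bmid\(", @"\bchar\(", @"\bxp_cmdshell\b",
        @"\bexec master\b", @"\bnet localgroup administrators\b", @"\bnet user\b", @"\bor\b", @"\band\b",
    };
    foreach (string pattern in patterns)
    {
        str = Regex.Replace(str, pattern, "", RegexOptions.IgnoreCase);
    }

    return str;
}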
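/// <summary>
/// Strips quotes and a short list of SQL keywords from an untrusted string.
/// This is a blacklist filter: only the listed tokens are removed, and each removal
/// runs once, so it is not a substitute for parameterized queries.
/// </summary>
/// <param name="Str">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with single/double quotes and the words delete, update and insert removed.</returns>
public static string FilteSQLStr(string Str)
{
    // The original dereferenced a null argument; return empty instead, as NoHtml does.
    if (string.IsNullOrEmpty(Str))
    {
        return string.Empty;
    }

    string result = Str.Replace("'", "").Replace("\"", "");

    // As rendered on the page the original also replaced "&", "<" and ">" with
    // themselves, which did nothing, so those calls are not reproduced here.

    // Keyword removal used a case-sensitive string.Replace, so "DELETE" passed through.
    // The keywords are removed one after another, in the original order.
    string[] keywords = { "delete", "update", "insert" };
    foreach (string keyword in keywords)
    {
        result = Regex.Replace(result, keyword, "", RegexOptions.IgnoreCase);
    }

    return result;
}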
2.
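#region 过滤 Sql 语句字符串中的注入脚本
/// <summary>
/// Neutralizes a few SQL metacharacters and keywords in a string that is about to be
/// concatenated into a SQL statement. Only the listed tokens are touched; parameterized
/// queries remain the actual control.
/// </summary>
/// <param name="source">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with single quotes doubled, ; ( ) widened to full-width, exec/execute
/// removed, and the xp_ / sp_ / 0x prefixes broken up with a space.</returns>
public static string SqlFilter(string source)
{
    // The original dereferenced a null argument.
    if (string.IsNullOrEmpty(source))
    {
        return string.Empty;
    }

    // A single quote becomes two single quotes.
    source = source.Replace("'", "''");

    // Half-width ; ( ) become their full-width forms so they no longer terminate a
    // statement or open a call. The page rendered these as self-replacements (a no-op);
    // the original comments state the half-width -> full-width intent.
    source = source.Replace(";", "；").Replace("(", "（").Replace(")", "）");

    // The original used case-sensitive Replace for "Exec" and then "Execute"; the second
    // could never match because "Exec" had already been cut out of "Execute". The longer
    // word is listed first so it wins the alternation.
    source = Regex.Replace(source, "execute|exec", "", RegexOptions.IgnoreCase);

    // Break up extended/system stored-procedure prefixes; "$1" keeps the original letter case.
    source = Regex.Replace(source, "([xs])p_", "$1 p_", RegexOptions.IgnoreCase);

    // Break up hex literals ("0x" and, unlike the original, "0X").
    source = Regex.Replace(source, "0(x)", "0 $1", RegexOptions.IgnoreCase);

    return source;
}
#endregion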
3.
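/// <summary>
/// Replaces SQL-significant ASCII punctuation with full-width look-alikes so the text can
/// still be displayed but no longer reads as SQL syntax. Only the listed characters change.
/// </summary>
/// <param name="str">Text to filter; null or empty yields an empty string.</param>
/// <returns>The text with each listed half-width character swapped for its full-width form.</returns>
public static string ReplaceSQLChar(string str)
{
    // The original only compared against String.Empty and dereferenced null.
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }

    // Position i in halfWidth maps to position i in fullWidth. The page rendered most of
    // the original pairs as self-replacements (a no-op); the full-width forms follow the
    // surviving "'"->"‘" and "$"->"¥" pairs and the sibling SqlFilter's stated intent.
    const string halfWidth = "';,?<>()@=+*&#%$";
    const string fullWidth = "‘；，？＜＞（）＠＝＋＊＆＃％¥";

    for (int i = 0; i < halfWidth.Length; i++)
    {
        str = str.Replace(halfWidth[i], fullWidth[i]);
    }

    return str;
}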
4.
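/// <summary>
/// Strips script blocks, HTML tags and comments from a string, decodes a few entities,
/// removes a blacklist of SQL/shell keywords and punctuation, then HTML-encodes the result.
/// The keyword list includes "and", "or", "net" and "-", so ordinary prose is altered as
/// well; the method only suits places where that is acceptable.
/// </summary>
/// <param name="Htmlstring">Source text that may contain HTML, script and SQL fragments; null yields an empty string.</param>
/// <returns>The filtered, HTML-encoded and trimmed text.</returns>
public string NoHtml(string Htmlstring)
{
    if (Htmlstring == null)
    {
        return "";
    }

    // The four passes run in the same order as the original replacement chain.
    Htmlstring = StripMarkup(Htmlstring);
    Htmlstring = DecodeEntities(Htmlstring);
    Htmlstring = StripKeywords(Htmlstring);
    Htmlstring = StripPunctuation(Htmlstring);

    // The original called HttpContext.Current.Server.HtmlEncode, which throws outside an
    // ASP.NET request; System.Net.WebUtility encodes the same way without that dependency.
    return System.Net.WebUtility.HtmlEncode(Htmlstring).Trim();
}

// Removes <script> blocks, tags, whitespace runs after a line break, and HTML comments.
private static string StripMarkup(string text)
{
    string[] patterns =
    {
        @"<script[^>]*?>.*?</script>",
        @"<(.[^>]*)>",
        @"([\r\n])[\s]+",
        @"-->",
        @"<!--.*",
    };
    foreach (string pattern in patterns)
    {
        text = Regex.Replace(text, pattern, "", RegexOptions.IgnoreCase);
    }
    return text;
}

// Decodes the entities the original handled, then drops any digit run followed by ';'
// (the original's "(\d+);" pattern, which also hits plain text such as "10;").
private static string DecodeEntities(string text)
{
    string[][] entities =
    {
        new[] { @"&(quot|#34);", "\"" },
        new[] { @"&(amp|#38);", "&" },
        new[] { @"&(lt|#60);", "<" },
        new[] { @"&(gt|#62);", ">" },
        new[] { @"&(nbsp|#160);", " " },
        new[] { @"&(iexcl|#161);", "\xa1" },
        new[] { @"&(cent|#162);", "\xa2" },
        new[] { @"&(pound|#163);", "\xa3" },
        new[] { @"&(copy|#169);", "\xa9" },
        new[] { @"(\d+);", "" },
    };
    foreach (string[] entity in entities)
    {
        text = Regex.Replace(text, entity[0], entity[1], RegexOptions.IgnoreCase);
    }
    return text;
}

// Removes the keyword blacklist case-insensitively, in the original order. "xp_cmdshell"
// is listed twice as in the original: the removals between the two passes can leave that
// token re-formed in the remaining text, so the second pass is kept rather than dropped.
private static string StripKeywords(string text)
{
    string[] keywords =
    {
        "xp_cmdshell", "select", "insert", "delete from", "count''", "drop table",
        "truncate", "asc", "mid", "char", "xp_cmdshell", "exec master",
        "net localgroup administrators", "and", "net user", "or", "net", "-",
        "delete", "drop", "script",
    };
    foreach (string keyword in keywords)
    {
        text = Regex.Replace(text, keyword, "", RegexOptions.IgnoreCase);
    }
    return text;
}

// Removes the remaining special characters and doubles single quotes, in the original order.
// The original's trailing Replace("*/", "") is omitted: every "*" is already gone by then.
private static string StripPunctuation(string text)
{
    text = text.Replace("<", "").Replace(">", "").Replace("*", "").Replace("-", "").Replace("?", "");
    text = text.Replace("'", "''");
    text = text.Replace(",", "").Replace("/", "").Replace(";", "").Replace("\r\n", "");
    return text;
}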
5.
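/// <summary>
/// Reports whether the text contains one of a fixed list of SQL/shell keywords.
/// A keyword blacklist only detects the listed words; it does not make the text safe for
/// string-built SQL, for which parameterized queries are the control.
/// </summary>
/// <param name="str">Text to inspect; null or empty is reported as clean.</param>
/// <returns>true if any listed keyword occurs as a whole word (case-insensitive); otherwise false.</returns>
public static bool CheckBadWord(string str)
{
    // Regex.IsMatch throws ArgumentNullException on null; treat null as "nothing found".
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }

    // Word-boundary anchored so that "for", "order" or "sand" no longer count as "or"/"and";
    // the function-style tokens keep their "(" suffix instead. The original pattern was a
    // verbatim string broken across two source lines, so its "netlocalgroup\n administrators"
    // alternative could never match; the sibling NoHtml spells it "net localgroup administrators".
    const string pattern =
        @"\b(?:select|insert|delete|from|drop table|update|truncate|xp_cmdshell|exec master|net localgroup administrators|net user|or|and)\b"
        + @"|\b(?:count|asc|mid|char)\(";

    return Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase);
}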
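/// <summary>
/// Removes a fixed list of SQL/shell keywords from the text. Removal is by blacklist and runs
/// once per keyword in list order, so this is a display-side clean-up, not input validation
/// for string-built SQL.
/// </summary>
/// <param name="str">Text to filter; null is treated as an empty string.</param>
/// <returns>The text with every whole-word occurrence of a listed keyword removed (case-insensitive).</returns>
public static string Filter(string str)
{
    // The original dereferenced a null argument.
    if (string.IsNullOrEmpty(str))
    {
        return string.Empty;
    }

    // The original fed entries such as "count\\(" to string.Replace, which searched for the
    // literal backslash and so never matched "count(", and it matched "or"/"and" inside
    // ordinary words ("order" became "der"). Each entry is now a regex anchored at word
    // boundaries and applied case-insensitively, in the original order.
    string[] patterns =
    {
        @"\bselect\b", @"\binsert\b", @"\bdelete\b", @"\bfrom\b", @"\bcount\(", @"\bdrop table\b",
        @"\bupdate\b", @"\btruncate\b", @"\basc\(", @"\bmid\(", @"\bchar\(", @"\bxp_cmdshell\b",
        @"\bexec master\b", @"\bnet localgroup administrators\b", @"\bnet user\b", @"\bor\b", @"\band\b",
    };
    foreach (string pattern in patterns)
    {
        str = Regex.Replace(str, pattern, "", RegexOptions.IgnoreCase);
    }

    return str;
}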