过滤sql特殊字符方法集合
2014-01-07 20:17
197 查看
/// <summary>
/// 过滤不安全的字符串
/// </summary>
/// <param name="Str"></param>
/// <returns></returns>
public static string FilteSQLStr( string Str)
{
Str = Str.Replace( " ' " , "" );
Str = Str.Replace( " /" " , "" );
Str = Str.Replace( " & " , " & " );
Str = Str.Replace( " < " , " < " );
Str = Str.Replace( " > " , " > " );
Str = Str.Replace( " delete " , "" );
Str = Str.Replace( " update " , "" );
Str = Str.Replace( " insert " , "" );
return Str;
}
2.
#region 过滤 Sql 语句字符串中的注入脚本
/// <summary>
/// 过滤 Sql 语句字符串中的注入脚本
/// </summary>
/// <param name="source"> 传入的字符串 </param>
/// <returns> 过 滤后的字符串 </returns>
public static string SqlFilter( string source)
{
// 单引号替换成两个单引号
source = source.Replace( " ' " , " '' " );
// 半角封号替换为全角封号,防止多语句执行
source = source.Replace( " ; " , " ; " );
// 半角括号替换为全角括号
source = source.Replace( " ( " , " ( " );
source = source.Replace( " ) " , " ) " );
/////////////// 要用正则表达式替换,防止字母大小写得情况 ////////////////// //
// 去除执行存储过程的命令关键字
source = source.Replace( " Exec " , "" );
source = source.Replace( " Execute " , "" );
// 去除系统存储过程或扩展存储过程关键字
source = source.Replace( " xp_ " , " x p_ " );
source = source.Replace( " sp_ " , " s p_ " );
// 防止16进制注入
source = source.Replace( " 0x " , " 0 x " );
return source;
}
#endregion
3.
/// 过滤SQL字符。
/// </summary>
/// <param name="str"> 要过滤SQL字符的字符串。 </param>
/// <returns> 已过滤掉SQL字符的字符串。 </returns>
public static string ReplaceSQLChar( string str)
{
if (str == String.Empty)
return String.Empty; str = str.Replace( " ' " , " ‘ " );
str = str.Replace( " ; " , " ; " );
str = str.Replace( " , " , " , " );
str = str.Replace( " ? " , " ? " );
str = str.Replace( " < " , " < " );
str = str.Replace( " > " , " > " );
str = str.Replace( " ( " , " ( " );
str = str.Replace( " ) " , " ) " );
str = str.Replace( " @ " , " @ " );
str = str.Replace( " = " , " = " );
str = str.Replace( " + " , " + " );
str = str.Replace( " * " , " * " );
str = str.Replace( " & " , " & " );
str = str.Replace( " # " , " # " );
str = str.Replace( " % " , " % " );
str = str.Replace( " $ " , " ¥ " );
return str;
}
4.
/// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML"> 包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
/// <returns> 已经去除标记后的文字 </returns>
public string NoHtml( string Htmlstring)
{
if (Htmlstring == null )
{
return "" ;
}
else
{
// 删除脚本
Htmlstring = Regex.Replace(Htmlstring, @" <script[^>]*?>.*?</script> " , "" , RegexOptions.IgnoreCase);
// 删除HTML
Htmlstring = Regex.Replace(Htmlstring, @" <(.[^>]*)> " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" ([/r/n])[/s]+ " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" --> " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" <!--.* " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(quot|#34); " , " /" " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(amp|#38); " , " & " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(lt|#60); " , " < " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(gt|#62); " , " > " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(nbsp|#160); " , " " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(iexcl|#161); " , " /xa1 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(cent|#162); " , " /xa2 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(pound|#163); " , " /xa3 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(copy|#169); " , " /xa9 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &#(/d+); " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);
// 删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, " select " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " insert " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " delete from " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " count'' " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " drop table " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " truncate " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " asc " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " mid " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " char " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " exec master " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net localgroup administrators " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " and " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net user " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " or " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net " , "" , RegexOptions.IgnoreCase);
// Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " - " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " delete " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " drop " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " script " , "" , RegexOptions.IgnoreCase);
// 特殊的字符
Htmlstring = Htmlstring.Replace( " < " , "" );
Htmlstring = Htmlstring.Replace( " > " , "" );
Htmlstring = Htmlstring.Replace( " * " , "" );
Htmlstring = Htmlstring.Replace( " - " , "" );
Htmlstring = Htmlstring.Replace( " ? " , "" );
Htmlstring = Htmlstring.Replace( " ' " , " '' " );
Htmlstring = Htmlstring.Replace( " , " , "" );
Htmlstring = Htmlstring.Replace( " / " , "" );
Htmlstring = Htmlstring.Replace( " ; " , "" );
Htmlstring = Htmlstring.Replace( " */ " , "" );
Htmlstring = Htmlstring.Replace( " /r/n " , "" );
Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
return Htmlstring;
}
}
5.
public static bool CheckBadWord( string str)
{
string pattern = @" select|insert|delete|from|count/(|drop table|update|truncate|asc/(|mid/(|char/(|xp_cmdshell|exec master|netlocalgroup administrators|net user|or|and" ;
if (Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase))
return true ;
return false ;
}
public static string Filter( string str)
{
string [] pattern = { " select " , " insert " , " delete " , " from " , " count//( " , " drop table " , " update " , " truncate" , " asc//( " , " mid//( " , " char//( " , " xp_cmdshell " , " exec master " , " netlocalgroup administrators " , " net user " , " or " , " and " };
for ( int i = 0 ; i < pattern.Length; i ++ )
{
str = str.Replace(pattern[i].ToString(), "" );
}
return str;
}
/// 过滤不安全的字符串
/// </summary>
/// <param name="Str"></param>
/// <returns></returns>
public static string FilteSQLStr( string Str)
{
Str = Str.Replace( " ' " , "" );
Str = Str.Replace( " /" " , "" );
Str = Str.Replace( " & " , " & " );
Str = Str.Replace( " < " , " < " );
Str = Str.Replace( " > " , " > " );
Str = Str.Replace( " delete " , "" );
Str = Str.Replace( " update " , "" );
Str = Str.Replace( " insert " , "" );
return Str;
}
2.
#region 过滤 Sql 语句字符串中的注入脚本
/// <summary>
/// 过滤 Sql 语句字符串中的注入脚本
/// </summary>
/// <param name="source"> 传入的字符串 </param>
/// <returns> 过 滤后的字符串 </returns>
public static string SqlFilter( string source)
{
// 单引号替换成两个单引号
source = source.Replace( " ' " , " '' " );
// 半角封号替换为全角封号,防止多语句执行
source = source.Replace( " ; " , " ; " );
// 半角括号替换为全角括号
source = source.Replace( " ( " , " ( " );
source = source.Replace( " ) " , " ) " );
/////////////// 要用正则表达式替换,防止字母大小写得情况 ////////////////// //
// 去除执行存储过程的命令关键字
source = source.Replace( " Exec " , "" );
source = source.Replace( " Execute " , "" );
// 去除系统存储过程或扩展存储过程关键字
source = source.Replace( " xp_ " , " x p_ " );
source = source.Replace( " sp_ " , " s p_ " );
// 防止16进制注入
source = source.Replace( " 0x " , " 0 x " );
return source;
}
#endregion
3.
/// 过滤SQL字符。
/// </summary>
/// <param name="str"> 要过滤SQL字符的字符串。 </param>
/// <returns> 已过滤掉SQL字符的字符串。 </returns>
public static string ReplaceSQLChar( string str)
{
if (str == String.Empty)
return String.Empty; str = str.Replace( " ' " , " ‘ " );
str = str.Replace( " ; " , " ; " );
str = str.Replace( " , " , " , " );
str = str.Replace( " ? " , " ? " );
str = str.Replace( " < " , " < " );
str = str.Replace( " > " , " > " );
str = str.Replace( " ( " , " ( " );
str = str.Replace( " ) " , " ) " );
str = str.Replace( " @ " , " @ " );
str = str.Replace( " = " , " = " );
str = str.Replace( " + " , " + " );
str = str.Replace( " * " , " * " );
str = str.Replace( " & " , " & " );
str = str.Replace( " # " , " # " );
str = str.Replace( " % " , " % " );
str = str.Replace( " $ " , " ¥ " );
return str;
}
4.
/// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML"> 包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
/// <returns> 已经去除标记后的文字 </returns>
public string NoHtml( string Htmlstring)
{
if (Htmlstring == null )
{
return "" ;
}
else
{
// 删除脚本
Htmlstring = Regex.Replace(Htmlstring, @" <script[^>]*?>.*?</script> " , "" , RegexOptions.IgnoreCase);
// 删除HTML
Htmlstring = Regex.Replace(Htmlstring, @" <(.[^>]*)> " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" ([/r/n])[/s]+ " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" --> " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" <!--.* " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(quot|#34); " , " /" " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(amp|#38); " , " & " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(lt|#60); " , " < " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(gt|#62); " , " > " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(nbsp|#160); " , " " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(iexcl|#161); " , " /xa1 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(cent|#162); " , " /xa2 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(pound|#163); " , " /xa3 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &(copy|#169); " , " /xa9 " , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, @" &#(/d+); " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);
// 删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, " select " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " insert " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " delete from " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " count'' " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " drop table " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " truncate " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " asc " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " mid " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " char " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " exec master " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net localgroup administrators " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " and " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net user " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " or " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " net " , "" , RegexOptions.IgnoreCase);
// Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " - " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " delete " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " drop " , "" , RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, " script " , "" , RegexOptions.IgnoreCase);
// 特殊的字符
Htmlstring = Htmlstring.Replace( " < " , "" );
Htmlstring = Htmlstring.Replace( " > " , "" );
Htmlstring = Htmlstring.Replace( " * " , "" );
Htmlstring = Htmlstring.Replace( " - " , "" );
Htmlstring = Htmlstring.Replace( " ? " , "" );
Htmlstring = Htmlstring.Replace( " ' " , " '' " );
Htmlstring = Htmlstring.Replace( " , " , "" );
Htmlstring = Htmlstring.Replace( " / " , "" );
Htmlstring = Htmlstring.Replace( " ; " , "" );
Htmlstring = Htmlstring.Replace( " */ " , "" );
Htmlstring = Htmlstring.Replace( " /r/n " , "" );
Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
return Htmlstring;
}
}
5.
public static bool CheckBadWord( string str)
{
string pattern = @" select|insert|delete|from|count/(|drop table|update|truncate|asc/(|mid/(|char/(|xp_cmdshell|exec master|netlocalgroup administrators|net user|or|and" ;
if (Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase))
return true ;
return false ;
}
public static string Filter( string str)
{
string [] pattern = { " select " , " insert " , " delete " , " from " , " count//( " , " drop table " , " update " , " truncate" , " asc//( " , " mid//( " , " char//( " , " xp_cmdshell " , " exec master " , " netlocalgroup administrators " , " net user " , " or " , " and " };
for ( int i = 0 ; i < pattern.Length; i ++ )
{
str = str.Replace(pattern[i].ToString(), "" );
}
return str;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 过滤sql特殊字符方法集合
- C# 过滤sql特殊字符方法集合
- C#实现过滤sql特殊字符的方法集合
- C# 过滤sql特殊字符方法集合
- 过滤sql特殊字符方法集合
- 过滤sql特殊字符方法集合
- 过滤sql特殊字符方法集合
- PHP 对特殊字符进行安全过滤的方法与代码示例
- JQuery中的id选择器含有特殊字符时,不能选中dom元素的解决方法
- Spring 的优秀工具类盘点,第 2 部分: 特殊字符转义和方法入参检测工具类
- jquery validate 增加过滤特殊字符的方法
- 使用<a>标签调用struts2的action、传递动态参数、以及参数中出现加号等特殊字符的处理方法
- PHP使用preg_split()分割特殊字符(元字符等)的方法分析
- 浅谈jquery的html方法里包含特殊字符的处理
- javaScript正则匹配汉字与特殊字符(项目中遇到关键字匹配的方法)
- Linux系统下串口接收数据,部分特殊字符丢失的解决方法
- url特殊字符转义及解决方法
- 'Invalid parameter not satisfying: URLString'网络请求的时候get使用特殊字符和汉字崩溃的恶心bug解决方法
- 《Python CookBook2》 第一章 文本 - 检查字符串中是否包含某字符集合中的字符 && 简化字符串的translate方法的使用
- infobright导入数据遇到特殊字符报错的解决方法