以下针对c#.net
首先添加引用Microsoft.VisualBasic.Dll
引入命名空间using Microsoft.VisualBasic;
使用Replace方法,以下为参数:
Strings.Replace(原字符串的内容,要替换的字段内容,替换后的字段内容,从第几位开始替换(注意默认为1),替换的次数(-1表示所有),是否无视大小写);
例:
public static string cutHtml(string str)
{
str = Strings.Replace(str, "<", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ">", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, """, "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "delete", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "script", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "update", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exec", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "insert", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "object", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "function", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "drop", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "rename", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "mid", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exists", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "alter", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\"", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\'", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ";", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ",", "", 1, -1, CompareMethod.Text);
return str;
}
如果您有更好的防sql注入方法请留言 我将非常感谢
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。