zoukankan      html  css  js  c++  java
  • 格式化文本(防止SQL注入)

     /// <summary>
            /// 格式化文本(防止SQL注入)
            /// </summary>
            /// <param name="str"></param>
            /// <returns></returns>
            public static string Formatstr(string html)
            {
                System.Text.RegularExpressions.Regex regex1 = new System.Text.RegularExpressions.Regex(@"<script[sS]+</script *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex2 = new System.Text.RegularExpressions.Regex(@" href *= *[sS]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex3 = new System.Text.RegularExpressions.Regex(@" on[sS]*=", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex4 = new System.Text.RegularExpressions.Regex(@"<iframe[sS]+</iframe *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex5 = new System.Text.RegularExpressions.Regex(@"<frameset[sS]+</frameset *>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex10 = new System.Text.RegularExpressions.Regex(@"select", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex11 = new System.Text.RegularExpressions.Regex(@"update", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                System.Text.RegularExpressions.Regex regex12 = new System.Text.RegularExpressions.Regex(@"delete", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                html = regex1.Replace(html, ""); //过滤<script></script>标记
                html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性
                html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
                html = regex4.Replace(html, ""); //过滤iframe
                html = regex10.Replace(html, "s_elect");
                html = regex11.Replace(html, "u_pudate");
                html = regex12.Replace(html, "d_elete");
                html = html.Replace("'", "’");
                html = html.Replace(" ", " ");
                return html;
            }
    

      

  • 相关阅读:
    Qt 配置fakevim
    CentOS安装Ruby组件
    Linux shell 操作 postgresql,并设置crontab任务
    修改win7锁定界面背景
    Ubuntu安装Redis
    Java 向SQL Server插入文件数据
    用VMware vSphere Client客户端登陆vsphere5提示错误
    DD应用实例
    shell初学
    deepin2014.1快捷键
  • 原文地址:https://www.cnblogs.com/password1/p/13226608.html
Copyright © 2011-2022 走看看