  • c# 防止sql注入对拼接sql脚本的各个参数处理

     调用方法:GameServerId = this.NoHtml(GameServerId);//GameServerId为一个拼接sql的参数

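            /// <summary>
            /// Strips script blocks, HTML tags, a fixed list of SQL/OS keywords and a few
            /// punctuation characters from <paramref name="Htmlstring"/>, doubles single
            /// quotes, then HTML-encodes and trims the result.
            /// </summary>
            /// <remarks>
            /// This is a denylist filter and must not be relied on to make string-built SQL
            /// safe: pass the value to the database as a <c>SqlParameter</c> instead. The
            /// keyword pass matches plain substrings, not whole words, so it also corrupts
            /// ordinary input (e.g. "Anderson" becomes "erson"), and because the final HTML
            /// encoding turns the doubled quote into <c>&amp;#39;&amp;#39;</c>, the
            /// quote-doubling no longer works as SQL escaping either.
            /// </remarks>
            /// <param name="Htmlstring">Raw text that may contain HTML, script or SQL fragments; may be null.</param>
            /// <returns>The filtered, HTML-encoded text; an empty string when the input is null.</returns>
            public string NoHtml(string Htmlstring)
            {
                if (Htmlstring == null)
                {
                    return "";
                }

                // Every pattern is applied one after another, in this order. The order is
                // significant: a later pattern can match text that an earlier removal
                // stitched together (e.g. removing "*" can create a new "--").
                string[] htmlPatterns =
                {
                    @"<script[^>]*?>.*?</script>",   // script blocks
                    @"<(.[^>]*)>",                   // any remaining tag
                    @"([\r\n])[\s]+",                // line break plus following whitespace
                    @"-->",
                    @"<!--.*",                       // comment opener up to end of line
                };
                foreach (string pattern in htmlPatterns)
                {
                    Htmlstring = Regex.Replace(Htmlstring, pattern, "", RegexOptions.IgnoreCase);
                }

                // Decode the handful of entities this filter recognises; the \u00Ax
                // characters are Latin-1 ¡ ¢ £ ©. Any other numeric entity is dropped.
                Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\u00a1", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\u00a2", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\u00a3", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\u00a9", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);

                // Keyword denylist. "xp_cmdshell" is listed twice on purpose: removing an
                // earlier keyword can join fragments into a new occurrence.
                string[] keywordPatterns =
                {
                    "xp_cmdshell",
                    "select", "insert", "delete from", "count''", "drop table", "truncate",
                    "asc", "mid", "char", "xp_cmdshell", "exec master",
                    "net localgroup administrators", "and", "net user", "or", "net",
                    "--", "delete", "drop", "script",
                };
                foreach (string keyword in keywordPatterns)
                {
                    Htmlstring = Regex.Replace(Htmlstring, keyword, "", RegexOptions.IgnoreCase);
                }

                // Literal (non-regex) removals; "--" is repeated because dropping "<", ">"
                // or "*" can produce a fresh one.
                foreach (string literal in new[] { "<", ">", "*", "--", "?" })
                {
                    Htmlstring = Htmlstring.Replace(literal, "");
                }
                Htmlstring = Htmlstring.Replace("'", "''");
                foreach (string literal in new[] { ",", "/", ";", "*/", "\r\n" })
                {
                    Htmlstring = Htmlstring.Replace(literal, "");
                }

                // Server.HtmlEncode requires an HttpContext; WebUtility encodes the same
                // reserved characters and keeps this method usable outside a page.
                return System.Net.WebUtility.HtmlEncode(Htmlstring).Trim();
            }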
  • 原文地址:https://www.cnblogs.com/yonguibe/p/4767043.html