zoukankan      html  css  js  c++  java
  • c# 防止sql注入对拼接sql脚本的各个参数处理

     调用方法:GameServerId = this.NoHtml(GameServerId);//GameServerId为一个拼接sql的参数

            /// <summary>
            /// 过滤标记
            /// </summary>
            /// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>
            /// <returns>已经去除标记后的文字</returns>
            public string NoHtml(string Htmlstring)
            {
                if (Htmlstring == null)
                {
                    return "";
                }
                else
                {
                    //删除脚本
                    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
                    //删除HTML
                    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"([
    ])[s]+", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", """, RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "xa1", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "xa2", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "xa3", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "xa9", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, @"&#(d+);", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
    
                    //删除与数据库相关的词
                    Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);
                    //Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "--", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);
                    Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);
    
                    //特殊的字符
                    Htmlstring = Htmlstring.Replace("<", "");
                    Htmlstring = Htmlstring.Replace(">", "");
                    Htmlstring = Htmlstring.Replace("*", "");
                    Htmlstring = Htmlstring.Replace("--", "");
                    Htmlstring = Htmlstring.Replace("?", "");
                    Htmlstring = Htmlstring.Replace("'", "''");
                    Htmlstring = Htmlstring.Replace(",", "");
                    Htmlstring = Htmlstring.Replace("/", "");
                    Htmlstring = Htmlstring.Replace(";", "");
                    Htmlstring = Htmlstring.Replace("*/", "");
                    Htmlstring = Htmlstring.Replace("
    ", "");
                    Htmlstring = Server.HtmlEncode(Htmlstring).Trim();
                    return Htmlstring;
                }
            }
  • 相关阅读:
    Ellipse4SL 的安装包和环境配置要求
    什么是SOHO人
    D2上的Silverlight
    银光团队项目正式启动,欢迎您的参与!
    Silverlight开发团队招募SOHO团员若干
    SOHO新的生活方式
    [银客北京开发团队]承接各种Silverlight和WPF外包项目和合作项目
    微软Silverlight 3.0 概观
    grers
    翻译电文
  • 原文地址:https://www.cnblogs.com/yonguibe/p/4767043.html
Copyright © 2011-2022 走看看