sql过滤检验

    /// <summary>
    /// 过滤SQL注入
    /// </summary>
    /// <param name="strSQL"></param>
    /// <returns></returns>
    public static bool CheckSQLInjection(string strSQL)
    {
        if (string.IsNullOrEmpty(strSQL))
        {
            return true;
        }
        else
        {
            Regex RegExpression = new Regex(@"\s");
            strSQL = RegExpression.Replace(strSQL.Trim().Trim().ToLower().Replace("%20", " "), " ");
            string Pattern = @"select |insert |delete from |count\(|drop table|update |truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|:|net user|""|\'| or ";

            if (Regex.IsMatch(strSQL, Pattern))
            {
                return true;
            }
            else
            {
                return false;
            }
        }
    }