//替换非法字符
public string ReplaceDangerCode (string Temp)
{
Temp = Temp.Replace("'","");
Temp = Temp.Replace("\"","");
Temp = Temp.Replace("or","");
Temp = Temp.Replace("&","");
Temp = Temp.Replace("*","");
Temp = Temp.Replace("select ","");
Temp = Temp.Replace("insert ","");
Temp = Temp.Replace("delete ","");
Temp = Temp.Replace("count(","");
Temp = Temp.Replace("drop table ","");
Temp = Temp.Replace("update ","");
Temp = Temp.Replace("truncate ","");
Temp = Temp.Replace("asc(","");
Temp = Temp.Replace("mid(","");
Temp = Temp.Replace("char(","");
Temp = Temp.Replace("xp_cmdshell","");
Temp = Temp.Replace("exec master","");
Temp = Temp.Replace("net localgroup administrators","");
Temp = Temp.Replace(" and ","");
Temp = Temp.Replace("net user","");
Temp = Temp.Replace(" or ","");
return Temp;
}