过滤sql特殊字符方法集合

/// <summary>
    /// 过滤不安全的字符串
    /// </summary>
    /// <param name="Str"></param>
    /// <returns></returns>
    public static string FilteSQLStr( string Str)
    {

        Str = Str.Replace( " ' " , "" );
        Str = Str.Replace( " /" " , "" );
        Str = Str.Replace( " & " , " &amp " );
        Str = Str.Replace( " < " , " &lt " );
        Str = Str.Replace( " > " , " &gt " );

        Str = Str.Replace( " delete " , "" );
        Str = Str.Replace( " update " , "" );
        Str = Str.Replace( " insert " , "" );

        return Str;
    }

#region 过滤 Sql 语句字符串中的注入脚本
        /// <summary>
        /// 过滤 Sql 语句字符串中的注入脚本
        /// </summary>
        /// <param name="source"> 传入的字符串 </param>
        /// <returns> 过滤后的字符串 </returns>
        public static string SqlFilter( string source)
        {
            // 单引号替换成两个单引号
            source = source.Replace( " ' " , " '' " );

            // 半角封号替换为全角封号，防止多语句执行
            source = source.Replace( " ; " , " ； " );

            // 半角括号替换为全角括号
            source = source.Replace( " ( " , " （ " );
            source = source.Replace( " ) " , " ） " );

            /////////////// 要用正则表达式替换，防止字母大小写得情况 ////////////////// //

            // 去除执行存储过程的命令关键字
            source = source.Replace( " Exec " , "" );
            source = source.Replace( " Execute " , "" );

            // 去除系统存储过程或扩展存储过程关键字
            source = source.Replace( " xp_ " , " x p_ " );
            source = source.Replace( " sp_ " , " s p_ " );

            // 防止16进制注入
            source = source.Replace( " 0x " , " 0 x " );

            return source;
        }
        #endregion

/// 过滤SQL字符。
        /// </summary>
        /// <param name="str"> 要过滤SQL字符的字符串。 </param>
        /// <returns> 已过滤掉SQL字符的字符串。 </returns>
        public static string ReplaceSQLChar( string str)
        {
            if (str == String.Empty)
                return String.Empty; str = str.Replace( " ' " , " ‘ " );
            str = str.Replace( " ; " , " ； " );
            str = str.Replace( " , " , " , " );
            str = str.Replace( " ? " , " ? " );
            str = str.Replace( " < " , " ＜ " );
            str = str.Replace( " > " , " ＞ " );
            str = str.Replace( " ( " , " ( " );
            str = str.Replace( " ) " , " ) " );
            str = str.Replace( " @ " , " ＠ " );
            str = str.Replace( " = " , " ＝ " );
            str = str.Replace( " + " , " ＋ " );
            str = str.Replace( " * " , " ＊ " );
            str = str.Replace( " & " , " ＆ " );
            str = str.Replace( " # " , " ＃ " );
            str = str.Replace( " % " , " ％ " );
            str = str.Replace( " $ " , " ￥ " );

            return str;
        }
4.

/// <summary>
/// 过滤标记
/// </summary>
/// <param name="NoHTML"> 包括HTML，脚本，数据库关键字，特殊字符的源码 </param>
/// <returns> 已经去除标记后的文字 </returns>
public string NoHtml( string Htmlstring)
{
    if (Htmlstring == null )
    {
        return "" ;
    }
    else
    {
        // 删除脚本
         Htmlstring = Regex.Replace(Htmlstring, @" <script[^>]*?>.*?</script> " , "" , RegexOptions.IgnoreCase);
        // 删除HTML
        Htmlstring = Regex.Replace(Htmlstring, @" <(.[^>]*)> " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" ([/r/n])[/s]+ " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" --> " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" <!--.* " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(quot|#34); " , " /" " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(amp|#38); " , " & " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(lt|#60); " , " < " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(gt|#62); " , " > " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(nbsp|#160); " , " " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(iexcl|#161); " , " /xa1 " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(cent|#162); " , " /xa2 " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(pound|#163); " , " /xa3 " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &(copy|#169); " , " /xa9 " , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, @" &#(/d+); " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);

        // 删除与数据库相关的词
         Htmlstring = Regex.Replace(Htmlstring, " select " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " insert " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " delete from " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " count'' " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " drop table " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " truncate " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " asc " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " mid " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " char " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " xp_cmdshell " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " exec master " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " net localgroup administrators " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " and " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " net user " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " or " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " net " , "" , RegexOptions.IgnoreCase);
        // Htmlstring = Regex.Replace(Htmlstring, "*", "", RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " - " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " delete " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " drop " , "" , RegexOptions.IgnoreCase);
        Htmlstring = Regex.Replace(Htmlstring, " script " , "" , RegexOptions.IgnoreCase);

        // 特殊的字符
         Htmlstring = Htmlstring.Replace( " < " , "" );
        Htmlstring = Htmlstring.Replace( " > " , "" );
        Htmlstring = Htmlstring.Replace( " * " , "" );
        Htmlstring = Htmlstring.Replace( " - " , "" );
        Htmlstring = Htmlstring.Replace( " ? " , "" );
        Htmlstring = Htmlstring.Replace( " ' " , " '' " );
        Htmlstring = Htmlstring.Replace( " , " , "" );
        Htmlstring = Htmlstring.Replace( " / " , "" );
        Htmlstring = Htmlstring.Replace( " ; " , "" );
        Htmlstring = Htmlstring.Replace( " */ " , "" );
        Htmlstring = Htmlstring.Replace( " /r/n " , "" );
        Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();

        return Htmlstring;
   }
}

5.

public static bool CheckBadWord( string str)
{
string pattern = @" select|insert|delete|from|count/(|drop table|update|truncate|asc/(|mid/(|char/(|xp_cmdshell|exec master|netlocalgroup administrators|net user|or|and" ;
if (Regex.IsMatch(str, pattern, RegexOptions.IgnoreCase))
return true ;
return false ;
}
public static string Filter( string str)
{
string [] pattern = { " select " , " insert " , " delete " , " from " , " count//( " , " drop table " , " update " , " truncate" , " asc//( " , " mid//( " , " char//( " , " xp_cmdshell " , " exec master " , " netlocalgroup administrators " , " net user " , " or " , " and " };
for ( int i = 0 ; i < pattern.Length; i ++ )
{
str = str.Replace(pattern[i].ToString(), "" );
}
return str;
}