/// <summary> /// 格式化文本(防止SQL注入) /// </summary> /// <param name="str"></param> /// <returns></returns> public static string Formatstr(string html) { Regex regex1 = new Regex(@"<script[sS]+</script *>", RegexOptions.IgnoreCase); Regex regex2 = new Regex(@" href *= *[sS]*script *:",RegexOptions.IgnoreCase); Regex regex3 = new Regex(@" on[sS]*=",RegexOptions.IgnoreCase); Regex regex4 = new Regex(@"<iframe[sS]+</iframe *>", RegexOptions.IgnoreCase); Regex regex5 = new Regex(@"<frameset[sS]+</frameset *>",RegexOptions.IgnoreCase); Regex regex10 = new Regex(@"select", RegexOptions.IgnoreCase); Regex regex11 = new Regex(@"update", RegexOptions.IgnoreCase); Regex regex12 = new Regex(@"delete", RegexOptions.IgnoreCase); html = regex1.Replace(html, ""); //过滤<script></script>标记 html = regex2.Replace(html, ""); //过滤href=javascript: (<A>) 属性 html = regex3.Replace(html, " _disibledevent="); //过滤其它控件的on...事件 html = regex4.Replace(html, ""); //过滤iframe html = regex10.Replace(html, "s_elect"); html = regex11.Replace(html, "u_pudate"); html = regex12.Replace(html, "d_elete"); html = html.Replace("'", "’"); html = html.Replace(" ", " "); return html; }
c# 正则格式化文本防止SQL注入
从此山高路远,纵马扬鞭。愿往后旅途,三冬暖,春不寒,天黑有灯,下雨有伞。此生尽兴,不负勇往。