/// <summary> /// 危险字符替换 /// </summary> /// <param name="inputString"></param> /// <returns></returns> public static string replaceStr(string inputString) {
string replaceIn = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or|and|" + ((char)9).ToString() + "|" + ((char)34).ToString() + "|" + ((char)32).ToString() + "|" + ((char)39).ToString(); string[] ArrayReplaceIn = replaceIn.Split(char.Parse("|")); int i; for (i = 0; i < ArrayReplaceIn.Length; i++) { inputString = inputString.Replace(ArrayReplaceIn[i].ToString(), ""); } return inputString;
}
这个功能放在提交数据前,就可以替换危险字符了!避免挂马以及提高了安全性!
