范文 |
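将字符串安全转换成可安全合成sql语句的值:
/// <summary>
/// Escapes a value for use inside a single-quoted SQL string literal by doubling
/// every single quote. That is the only transformation this method performs.
/// </summary>
/// <remarks>
/// The earlier version lowercased the whole input and then deleted a denylist of
/// SQL keywords ("select", "from", " or ", "drop table", ...). A denylist is not a
/// security control — it cannot enumerate every harmful token — and it silently
/// corrupts legitimate data (any value containing "from", "update" or an upper-case
/// letter came back altered). Quote doubling is the correct escape for a string
/// literal, but the real defence is to pass user input as a query parameter
/// (e.g. SqlParameter) so it is never spliced into SQL text at all; treat this
/// method as a last resort for legacy call sites that still build SQL strings.
/// </remarks>
/// <param name="str">The untrusted value to escape; may be null.</param>
/// <returns>
/// <paramref name="str"/> with every <c>'</c> replaced by <c>''</c>, or
/// <paramref name="str"/> unchanged when it is null or empty.
/// </returns>
public static string dfstrtosql(string str)
{
    // Null used to throw a NullReferenceException from ToLower(); return it as-is
    // so the caller decides how to treat a missing value.
    if (string.IsNullOrEmpty(str))
    {
        return str;
    }

    // Doubling the quote is the only transformation needed for a string literal;
    // no other characters are stripped, so the data round-trips intact.
    return str.Replace("'", "''");
}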