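/// <summary>
/// Filters user-supplied text by deleting a fixed set of markup patterns and
/// rewriting three SQL keywords and the ASCII apostrophe. Originally titled
/// "format text (prevent SQL injection)".
/// </summary>
/// <remarks>
/// This is a denylist filter and should not be the control that protects a query
/// or a page:
/// <list type="bullet">
/// <item>SQL injection is prevented by parameterized queries (bound parameters),
/// not by editing the text. Only three keywords are rewritten here, and they are
/// rewritten wherever they occur as a substring, so ordinary words such as
/// "selected" or "updated" are altered too.</item>
/// <item>HTML output should be encoded for its context at render time (for
/// example <c>System.Net.WebUtility.HtmlEncode</c>) or passed through an
/// allow-list sanitizer. The patterns below cover only a few tag and attribute
/// spellings.</item>
/// <item>Every <c>[\s\S]+</c> / <c>[\s\S]*</c> quantifier is greedy, so a match
/// runs from the first opener to the last closer in the input and the text in
/// between is deleted as well. The " on...=" rule likewise spans from the first
/// " on" to the last "=" in the input.</item>
/// </list>
/// </remarks>
/// <param name="html">Text to filter; may be null or empty.</param>
/// <returns>
/// The filtered text. A null or empty input is returned unchanged.
/// </returns>
public static string Formatstr(string html)
{
    // Regex.Replace throws on null input; there is nothing to filter anyway.
    if (string.IsNullOrEmpty(html))
    {
        return html;
    }

    // The static Regex.Replace overloads reuse the framework's pattern cache,
    // so no Regex objects are constructed on each call.
    const RegexOptions opts = RegexOptions.IgnoreCase;

    // Remove <script>...</script> blocks.
    html = Regex.Replace(html, @"<script[\s\S]+</script *>", "", opts);

    // Remove href=...script: attribute values (e.g. on <a> elements).
    html = Regex.Replace(html, @" href *= *[\s\S]*script *:", "", opts);

    // Neutralise inline on... event-handler attributes by renaming them.
    html = Regex.Replace(html, @" on[\s\S]*=", " _disibledevent=", opts);

    // Remove <iframe>...</iframe> blocks.
    html = Regex.Replace(html, @"<iframe[\s\S]+</iframe *>", "", opts);

    // Remove <frameset>...</frameset> blocks. The original compiled this
    // pattern but never applied it, so frameset markup passed through.
    html = Regex.Replace(html, @"<frameset[\s\S]+</frameset *>", "", opts);

    // Break up three SQL keywords. The replacement strings are kept exactly as
    // published (including the "u_pudate" spelling) because previously stored
    // output may already contain them.
    html = Regex.Replace(html, @"select", "s_elect", opts);
    html = Regex.Replace(html, @"update", "u_pudate", opts);
    html = Regex.Replace(html, @"delete", "d_elete", opts);

    // Swap the ASCII apostrophe for a typographic right single quote.
    html = html.Replace("'", "’");

    // NOTE(review): as published this replaces a space with a space, which has
    // no effect. The page rendering may have decoded an HTML entity that stood
    // in the second argument - confirm against the original source.
    html = html.Replace(" ", " ");

    return html;
}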
本文标题为:c# 正则格式化文本防止SQL注入