using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;

// ReSharper disable once CheckNamespace
namespace DSWeb.SoftMng.Common
{
    /// <summary>
    /// Input "sanitising" helpers: a SQL keyword blocklist, a character substitution
    /// routine and an HTML/script stripper.
    /// NOTE(review): none of these is a substitute for parameterised SQL. A keyword
    /// blocklist can be bypassed (comments, encoding, case tricks, keywords not listed)
    /// and character substitution silently corrupts legitimate user data. Treat them as
    /// defence-in-depth at most and keep data access on SqlParameter / an ORM.
    /// </summary>
    public class Common
    {
        /// <summary>
        /// Case-insensitive SQL-keyword blocklist check.
        /// </summary>
        /// <param name="source">The string to inspect. Must not be null: Regex.IsMatch throws ArgumentNullException on a null input.</param>
        /// <returns>true when any listed keyword occurs followed by whitespace, '+', '.', '*' or end of string; otherwise false.</returns>
        /// <remarks>
        /// The alternation has no word-boundary anchors, so very short entries such as "or",
        /// "and", "dec" and "chr" match inside ordinary words ("for ", "band ", "order" at
        /// end of input, ...), producing false positives on plain text.
        /// The entry "netlocalgroup administrators" has no space between "net" and "localgroup";
        /// this looks like a typo in the pattern (the command "net localgroup administrators"
        /// would not match it) — TODO confirm intent before changing.
        /// </remarks>
        public static bool SqlFilterExist(string source)
        {
            // Inside the trailing character class, '+', '.' and '*' are literals, not quantifiers:
            // a keyword counts only when followed by whitespace, one of those three characters, or '$'.
            string pattern = @"(select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|netlocalgroup administrators|net user|or|and|join|dec|exec|chr|declare)([\s+.*]|$)";
            if (Regex.IsMatch(source, pattern, RegexOptions.IgnoreCase))
                return true;
            return false;
        }

        /// <summary>
        /// Replaces characters commonly used in SQL syntax with look-alike characters.
        /// </summary>
        /// <param name="str">The string to transform. An empty string is returned unchanged; a null
        /// input is NOT guarded (the String.Empty comparison is false for null) and the first
        /// Replace call throws NullReferenceException.</param>
        /// <returns>The transformed string.</returns>
        /// <remarks>
        /// This is substitution, not escaping: the stored value no longer equals what the user
        /// typed (e.g. an apostrophe becomes U+2018, '$' becomes '¥'). In this listing several
        /// Replace calls appear to substitute a character for itself (';', ',', '?', '&lt;', '&gt;',
        /// '(', ')', '@', '=', '+', '*', '&amp;', '#', '%'); as written they are no-ops. They were
        /// presumably full-width equivalents that did not survive transcription — TODO verify
        /// against the repository copy before relying on them.
        /// </remarks>
        public static string ReplaceSqlChar(string str)
        {
            if (str == String.Empty)
                return String.Empty;
            str = str.Replace("'", "‘");
            str = str.Replace(";", ";");
            str = str.Replace(",", ",");
            str = str.Replace("?", "?");
            str = str.Replace("<", "<");
            str = str.Replace(">", ">");
            str = str.Replace("(", "(");
            str = str.Replace(")", ")");
            str = str.Replace("@", "@");
            str = str.Replace("=", "=");
            str = str.Replace("+", "+");
            str = str.Replace("*", "*");
            str = str.Replace("&", "&");
            str = str.Replace("#", "#");
            str = str.Replace("%", "%");
            str = str.Replace("$", "¥");
            return str;
        }

        /// <summary>
        /// Strips script blocks, HTML tags, line breaks followed by whitespace and HTML comment
        /// terminators from <paramref name="htmlstring"/> using a sequence of regex replacements.
        /// </summary>
        /// <param name="htmlstring">Source text that may contain HTML, script and database keywords.</param>
        /// <returns>The text with the matched markup removed.</returns>
        /// <remarks>
        /// NOTE(review): regex tag stripping is not a safe HTML sanitiser (malformed or nested
        /// tags, attribute-embedded payloads and encoded forms are not handled). For output
        /// encoding use HttpUtility.HtmlEncode; for sanitising, a real HTML parser/sanitiser.
        /// The first pattern below (@"]*?>.*?") looks truncated in this listing — it resembles
        /// a script-tag pattern whose tag names were lost — TODO confirm against the repository.
        /// The body of this method continues beyond the end of this listing.
        /// </remarks>
        public static string SqlFilterNoHtml(string htmlstring)
        {
            // Remove script blocks (pattern as transcribed; see remarks above).
            htmlstring = Regex.Replace(htmlstring, @"]*?>.*?", "", RegexOptions.IgnoreCase);
            // Remove anything that looks like an HTML tag: '<', at least one char, up to the next '>'.
            htmlstring = Regex.Replace(htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
            // Remove a CR/LF together with all whitespace that follows it (the whole match is dropped).
            htmlstring = Regex.Replace(htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
            // Remove HTML comment terminators.
            htmlstring = Regex.Replace(htmlstring, @"-->", "", RegexOptions.IgnoreCase);
            htmlstring = Regex.Replace(htmlstring, @"