using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using ICSharpCode.SharpZipLib.Zip;
// ReSharper disable once CheckNamespace
namespace DSWeb.SoftMng.Common
{
public class Common
{
///
///SQL注入过滤
///
/// 要过滤的字符串
/// 如果参数存在不安全字符,则返回true
public static bool SqlFilterExist(string source)
{
string pattern = @"(select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|netlocalgroup administrators|net user|or|and|join|dec|exec|chr|declare)([\s+.*]|$)";
if (Regex.IsMatch(source, pattern, RegexOptions.IgnoreCase))
return true;
return false;
}
///
/// 过滤SQL字符。
///
/// 要过滤SQL字符的字符串。
/// 已过滤掉SQL字符的字符串。
public static string ReplaceSqlChar(string str)
{
if (str == String.Empty)
return String.Empty; str = str.Replace("'", "‘");
str = str.Replace(";", ";");
str = str.Replace(",", ",");
str = str.Replace("?", "?");
str = str.Replace("<", "<");
str = str.Replace(">", ">");
str = str.Replace("(", "(");
str = str.Replace(")", ")");
str = str.Replace("@", "@");
str = str.Replace("=", "=");
str = str.Replace("+", "+");
str = str.Replace("*", "*");
str = str.Replace("&", "&");
str = str.Replace("#", "#");
str = str.Replace("%", "%");
str = str.Replace("$", "¥");
return str;
}
///
/// 过滤标记
///
/// 包括HTML,脚本,数据库关键字,特殊字符的源码
/// 已经去除标记后的文字
public static string SqlFilterNoHtml(string htmlstring)
{
//删除脚本
htmlstring = Regex.Replace(htmlstring, @"", "", RegexOptions.IgnoreCase);
//删除HTML
htmlstring = Regex.Replace(htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
htmlstring = Regex.Replace(htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
htmlstring = Regex.Replace(htmlstring, @"-->", "", RegexOptions.IgnoreCase);
htmlstring = Regex.Replace(htmlstring, @"