C#语言:
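/// <summary>
/// Rejects input that contains any token from a SQL keyword deny-list, then doubles
/// single quotes in whatever is accepted.
/// </summary>
/// <remarks>
/// Security note: a keyword deny-list is not a reliable defence against SQL injection.
/// Matching is case-insensitive and not word-bounded, so legitimate text that merely
/// contains a listed substring is refused (a name such as "Sandy" contains "and"), and
/// a fixed list cannot anticipate every dialect or encoding. Pass values to the database
/// through parameterized commands and treat this method, at most, as an extra layer.
/// </remarks>
/// <param name="Input">The string to check; may be null.</param>
/// <returns>null when <paramref name="Input"/> is null; otherwise the input with each ' doubled.</returns>
/// <exception cref="Exception"><paramref name="Input"/> contains a deny-listed token.</exception>
public static string Filter(string Input)
{
    if (Input == null)
    {
        return null;
    }

    // Each literal is escaped individually. Running Regex.Escape over the whole alternation
    // also escapes the '|' separators, which leaves a pattern that can only match the list
    // text itself, so the check never fires.
    const string pattern = @"\*|and|exec|insert|select|delete|update|count|master|truncate|declare|char\(|mid\(|chr\(|'";
    if (Regex.IsMatch(Input, pattern, RegexOptions.Compiled | RegexOptions.IgnoreCase))
    {
        throw new Exception("字符串中含有非法字符!");
    }

    // "'" is on the deny-list, so no quote reaches this line today; the doubling is kept
    // so quotes stay escaped if the list is ever relaxed.
    return Input.Replace("'", "''");
}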
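/// <summary>
/// Rejects input that contains any token from a SQL keyword deny-list, then doubles
/// single quotes in whatever is accepted.
/// </summary>
/// <remarks>
/// Security note: a keyword deny-list is not a reliable defence against SQL injection.
/// Matching is case-insensitive and not word-bounded, so legitimate text that merely
/// contains a listed substring is refused (a name such as "Sandy" contains "and"), and
/// a fixed list cannot anticipate every dialect or encoding. Pass values to the database
/// through parameterized commands and treat this method, at most, as an extra layer.
/// </remarks>
/// <param name="Input">The string to check; may be null.</param>
/// <returns>null when <paramref name="Input"/> is null; otherwise the input with each ' doubled.</returns>
/// <exception cref="Exception"><paramref name="Input"/> contains a deny-listed token.</exception>
public static string Filter(string Input)
{
    if (Input == null)
    {
        return null;
    }

    // Each literal is escaped individually. Running Regex.Escape over the whole alternation
    // also escapes the '|' separators, which leaves a pattern that can only match the list
    // text itself, so the check never fires.
    const string pattern = @"\*|and|exec|insert|select|delete|update|count|master|truncate|declare|char\(|mid\(|chr\(|'";
    if (Regex.IsMatch(Input, pattern, RegexOptions.Compiled | RegexOptions.IgnoreCase))
    {
        throw new Exception("字符串中含有非法字符!");
    }

    // "'" is on the deny-list, so no quote reaches this line today; the doubling is kept
    // so quotes stay escaped if the list is ever relaxed.
    return Input.Replace("'", "''");
}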
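/// <summary>
/// Removes script elements and a fixed list of inline event-handler names from a string.
/// </summary>
/// <remarks>
/// Security note: pattern stripping is not a complete XSS defence. Only the handler names
/// listed in the pattern are covered, all other markup is left untouched, and the names are
/// removed wherever they occur, including in ordinary text ("buttonclick" becomes "butt").
/// HTML-encode untrusted values for the context they are rendered in (for example with
/// WebUtility.HtmlEncode) or use a maintained HTML sanitizer; treat this method as a
/// best-effort extra layer only.
/// </remarks>
/// <param name="Input">The string to clean; may be null.</param>
/// <returns>null when <paramref name="Input"/> is null; otherwise the input with every match removed.</returns>
public static string FilterHtml(string Input)
{
    if (Input == null)
    {
        return null;
    }

    // [\s\S] stands for "any character, line breaks included". The class was previously written
    // with forward slashes ([/s/S]), which only matches the characters '/', 's' and 'S', so an
    // ordinary script element was never removed.
    const string pattern = @"<script[\s\S]*?</script>|<script[\s\S]*?/>|on(blur|click|databinding|dblclick|disposed|focus|init|keydown|keypress|load|mousedown|mousemove|mouseout|mouseover|mouseup|prerender|serverclick|unload)";
    return Regex.Replace(Input, pattern, "", RegexOptions.IgnoreCase);
}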