以下针对c#.net
站在用户的角度思考问题,与客户深入沟通,找到郎溪网站设计与郎溪网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:成都网站建设、做网站、企业官网、英文网站、手机端网站、网站推广、域名注册、网站空间、企业邮箱。业务覆盖郎溪地区。
首先添加引用Microsoft.VisualBasic.Dll
引入命名空间using Microsoft.VisualBasic;
使用Replace方法,以下为参数:
Strings.Replace(原字符串的内容,要替换的字段内容,替换后的字段内容,从第几位开始替换(注意默认为1),替换的次数(-1表示所有),是否无视大小写);
例:
public static string cutHtml(string str)
{
str = Strings.Replace(str, "<", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ">", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, """, "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "delete", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "script", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "update", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exec", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "insert", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "object", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "function", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "drop", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "rename", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "mid", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "exists", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "alter", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\"", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, "\'", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ";", "", 1, -1, CompareMethod.Text);
str = Strings.Replace(str, ",", "", 1, -1, CompareMethod.Text);
return str;
}
如果您有更好的防sql注入方法请留言 我将非常感谢