【数据库】 防止sql注入,过滤敏感关键字

private bool FilterIllegalChar(string sWord) 

{

    var result = false;

    var keyWord = @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";

    string StrRegex = @"[-|;|,|/|\(|\)|\[|\]|}|{|%|\@|*|!|']";

    if (Regex.IsMatch(sWord, keyWord, RegexOptions.IgnoreCase) || Regex.IsMatch(sWord, StrRegex))

        return true;



    return result;

}

 

你可能感兴趣的:(sql注入)