asp.net中防SQL注入的字符串处理办法以及重要信息MD5加密方法

 public static bool ConvertSql(string str)
    {
        string[] checkstr = new string[] { "select", "insert", "delete from", "count(", "drop table", "update", "truncate", "asc(", "mid(", "char(", "xp_cmdshell", "exec master", "net localgroup administrators", "and", "net user", "or", "'" };
        bool result = true;
        foreach (string temp in checkstr)
        {
            if (str.ToLower().IndexOf(temp) != -1)
            {
                result = false;
            }
         
        }

        return result;
    }

 

  private static string Convert(string str)
    {
        MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider();
        return BitConverter.ToString(MD5.ComputeHash(Encoding.GetEncoding("gb2312").GetBytes(str))).Replace("-","");
    }
    public static string GetMD5Hash(string str)
    {
        string temp = Convert(str).Substring(8, 16).ToLower();
        return Convert(temp).Substring(8, 16).ToLower();
    }

你可能感兴趣的:(sql,加密,String,delete,asp.net,insert)