
Htmlstring = e(Htmlstring, @" &(quot|#34); " , " /" " , Case);

Htmlstring = e(Htmlstring, @" &(amp|#38); " , " & " , Case);

Htmlstring = e(Htmlstring, @" &(lt|#60); " , " < " , Case);

Htmlstring = e(Htmlstring, @" &(gt|#62); " , " > " , Case);

Htmlstring = e(Htmlstring, @" &(nbsp|#160); " , " " , Case);

Htmlstring = e(Htmlstring, @" &(iexcl|#161); " , " /xa1 " , Case);

Htmlstring = e(Htmlstring, @" &(cent|#162); " , " /xa2 " , Case);

Htmlstring = e(Htmlstring, @" &(pound|#163); " , " /xa3 " , Case);

Htmlstring = e(Htmlstring, @" &(copy|#169); " , " /xa9 " , Case);

Htmlstring = e(Htmlstring, @" &#(/d+); " , "" , Case);

Htmlstring = e(Htmlstring, " xp_cmdshell " , "" , Case);

// 删除与数据库相关的词

Htmlstring = e(Htmlstring, " select " , "" , Case);

Htmlstring = e(Htmlstring, " insert " , "" , Case);

Htmlstring = e(Htmlstring, " delete from " , "" , Case);

Htmlstring = e(Htmlstring, " count'' " , "" , Case);

Htmlstring = e(Htmlstring, " drop table " , "" , Case);

Htmlstring = e(Htmlstring, " truncate " , "" , Case);

Htmlstring = e(Htmlstring, " asc " , "" , Case);

Htmlstring = e(Htmlstring, " mid " , "" , Case);

Htmlstring = e(Htmlstring, " char " , "" , Case);

Htmlstring = e(Htmlstring, " xp_cmdshell " , "" , Case);

Htmlstring = e(Htmlstring, " exec master " , "" , Case);

Htmlstring = e(Htmlstring, " net localgroup administrators " , "" , Case);

Htmlstring = e(Htmlstring, " and " , "" , Case);

Htmlstring = e(Htmlstring, " net user " , "" , Case);

Htmlstring = e(Htmlstring, " or " , "" , Case);

Htmlstring = e(Htmlstring, " net " , "" , Case);

// Htmlstring = e(Htmlstring, "*", "", Case);

Htmlstring = e(Htmlstring, " - " , "" , Case);

Htmlstring = e(Htmlstring, " delete " , "" , Case);

Htmlstring = e(Htmlstring, " drop " , "" , Case);

Htmlstring = e(Htmlstring, " script " , "" , Case);

// 特殊的字符

Htmlstring = e( " < " , "" );

Htmlstring = e( " > " , "" );

Htmlstring = e( " * " , "" );

Htmlstring = e( " - " , "" );

Htmlstring = e( " ? " , "" );

Htmlstring = e( " ' " , " '' " );

Htmlstring = e( " , " , "" );

Htmlstring = e( " / " , "" );

Htmlstring = e( " ; " , "" );

Htmlstring = e( " */ " , "" );

Htmlstring = e( " /r/n " , "" );

Htmlstring = code(Htmlstring).Trim();

return Htmlstring;

}

}

5.

/// <summary>
/// Returns true when <paramref name="str"/> matches a fixed blocklist of SQL / shell keywords, false otherwise.
/// NOTE(review): keyword blocklisting is not a reliable SQL-injection defence (the list is fixed and
/// partial, and plain English words such as "or" / "and" / "from" trigger it); the durable fix is
/// parameterised queries at the data layer, keeping this check at most as a logging / telemetry signal.
/// </summary>
/// <param name="str">Input text to inspect.</param>
/// <returns>True if the pattern matches anywhere in <paramref name="str"/>; otherwise false.</returns>
public static bool CheckBadWord( string str)

{

// Verbatim string (@"..."): the line break between "netlocalgroup" and "administrators" is part of the
// pattern as written here. The "/(" sequences look like extraction-mangled "\(" — as written they open
// regex groups that are never closed, so the match call would throw ArgumentException. "netlocalgroup"
// (no space) is presumably meant to be "net localgroup" — TODO confirm against the original source.
string pattern = @" select|insert|delete|from|count/(|drop table|update|truncate|asc/(|mid/(|char/(|xp_cmdshell|exec master|netlocalgroup

administrators|net user|or|and" ;

// "h" and "Case" are not defined anywhere in this listing; presumably a Regex.IsMatch call with
// RegexOptions.IgnoreCase whose identifiers were lost to extraction — TODO confirm.
if (h(str, pattern, Case))

return true ;

return false ;

}

/// <summary>
/// Strips each entry of a fixed keyword blocklist from <paramref name="str"/> and returns the result.
/// NOTE(review): removing substrings such as "or", "and", "from" or "delete" silently alters legitimate
/// user input and does not make the value safe to concatenate into SQL; use parameterised queries
/// (and context-appropriate output encoding) instead of sanitising by deletion.
/// </summary>
/// <param name="str">Input text to filter.</param>
/// <returns>The input with every blocklisted token removed, as far as this listing shows.</returns>
public static string Filter( string str)

{

// Regular (non-verbatim) string literals: " drop\n\ntable " and " net\n\nuser " span lines here, which
// does not compile ("newline in constant") — presumably page line-wrapping of " drop table " and
// " net user ". "count//(" is the literal text count//( in a regular string; the original was most
// likely "count\\(" (an escaped regex paren) — TODO confirm against the original source.
string [] pattern = { " select " , " insert " , " delete " , " from " , " count//( " , " drop

table " , " update " , " truncate" , " asc//( " , " mid//( " , " char//( " , " xp_cmdshell " , " exec master " , " netlocalgroup administrators " , " net

user " , " or " , " and " };

// The loop bound is missing ("i < ;") and the listing does not compile as written;
// presumably "i < pattern.Length" was lost to extraction.
for ( int i = 0 ; i < ; i ++ )

{

// "e" is not defined in this listing, and "str" is not passed to it, so as written each iteration
// overwrites str with the helper's result instead of stripping pattern[i] from the previous str.
// Presumably Regex.Replace(str, pattern[i], "", ...) — TODO confirm. .ToString() on a string element is a no-op.
str = e(pattern[i].ToString(), "" );

}

return str;

}