日期:2014-05-17  浏览次数:20987 次

ASP.NET 替换字符 防SQL注入

/// <summary>
??? /// 处理字符串
??? /// </summary>
??? /// <param name="str">要处理的字符</param>
??? /// <returns>string</returns>
??? public static string GetStr(string str)
??? {
??????? if (str == null || str == "")
??????????? return "";
??????? str = str.ToLower();
??????? str = str.Replace(",", "");
??????? str = str.Replace(",", "");
??????? str = str.Replace("'", "");
??????? str = str.Replace("‘", "");
??????? str = str.Replace("’", "");
??????? str = str.Replace("@", "");
??????? str = str.Replace("@", "");
??????? str = str.Replace(".", "");
??????? str = str.Replace("。", "");
??????? str = str.Replace(" ", "");//处理空格?? (两个空格就可以了)???
??????? str = str.Replace("<", "");//处理小于号???