一切福田,不離方寸,從心而覓,感無不通。

c# + mysql防SQL注入方法

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
        /// <summary>
        /// 替换SQL注入的危险字符
        /// </summary>
        /// <param name="param"></param>
        /// <returns></returns>
        public static string ReplaceInjectString(string param)
        {
            if (string.IsNullOrEmpty(param))
                return string.Empty;
 
            var result = new StringBuilder(param);
            return result
                    .Replace("'", "&#39;")
                    .Replace(",", "&#44;")
                    .Replace(";", "&#59;")
                    .Replace("(", "&#40;")
                    .Replace("=", "&#61;")
                    .Replace("*", "&#42;")
                    .Replace("&", "&#38;")
                    .ToString();
        }

 

Copyright © 2024 Longsheng All rights reserved