一、

// <summary>

    /// 过滤标记

    /// </summary>

    /// <param name="NoHTML">包括HTML,脚本,数据库关键字,特殊字符的源码 </param>

    /// <returns>已经去除标记后的文字</returns>

    public static string NoHTML(string Htmlstring)

    {

        if (Htmlstring == null)

        {

            return "";

        }

        else

        {

            //删除脚本

            Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);

            //删除HTML

            Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

            //删除与数据库相关的词

            Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);

            //Htmlstring =  Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);

            //Htmlstring =  Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);

            //特殊的字符

            Htmlstring = Htmlstring.Replace("<", "");

            Htmlstring = Htmlstring.Replace(">", "");

            Htmlstring = Htmlstring.Replace("*", "");

            Htmlstring = Htmlstring.Replace("-", "");

            Htmlstring = Htmlstring.Replace("?", "");

            Htmlstring = Htmlstring.Replace(",", "");

            Htmlstring = Htmlstring.Replace("/", "");

            Htmlstring = Htmlstring.Replace(";", "");

            Htmlstring = Htmlstring.Replace("*/", "");

            Htmlstring = Htmlstring.Replace("\r\n", "");

            Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();

            return Htmlstring;

        }

    }

二、

 private bool ProcessSqlStr(string Str)//判断地址栏特殊字符

    {

        bool ReturnValue = true;

        try

        {

            if (Str.Trim() != "")

            {

                //string SqlStr = "and ¦exec ¦insert ¦select ¦delete ¦update ¦count ¦* ¦chr ¦mid ¦master ¦truncate ¦char ¦declare";

                string SqlStr = "--¦'¦script¦exec¦iframe¦where¦or¦order¦create¦and¦insert¦select¦delete¦update¦mid¦master¦truncate¦declare";

                string[] anySqlStr = SqlStr.Split('¦');

                foreach (string ss in anySqlStr)

                {

                    if (Str.ToLower().IndexOf(ss) >= )

                    {

                        ReturnValue = false;

                        break;

                    }

                }

            }

        }

        catch

        {

            ReturnValue = false;

        }

        return ReturnValue;

    }

asp.net的sql防注入和去除html标记的方法的更多相关文章

  1. SQL防注入程序 v1.0

    /// ***************C#版SQL防注入程序 v1.0************ /// *使用方法: /// 一.整站防注入(推荐) /// 在Global.asax.cs中查找App ...

  2. sql 防注入 维基百科

    http://zh.wikipedia.org/wiki/SQL%E8%B3%87%E6%96%99%E9%9A%B1%E7%A2%BC%E6%94%BB%E6%93%8A SQL攻击(SQL inj ...

  3. PHP之SQL防注入代码集合(建站常用)

    SQL防注入代码一 <?php if (!function_exists (quote)) { function quote($var) { if (strlen($var)) { $var=! ...

  4. 特殊字符的过滤方法,防sql防注入代码的过滤方法

    特殊字符的过滤方法 function strFilter($str){ //特殊字符的过滤方法 $str = str_replace('`', '', $str); $str = str_replac ...

  5. SQL防注入程序

    1.在Global.asax.cs中写入: protected void Application_BeginRequest(Object sender,EventArgs e){      SqlIn ...

  6. PHP SQL防注入

    过年前后在做一个抽奖的东西,需要用户填写中奖信息,为了防止非法用户对数据库进行入侵神马的,于是写下基本的防注入语句,需要用的可以自己封装成一个function. $str = str_replace( ...

  7. asp.net防SQL/JS注入攻击:过滤标记

    /// <summary>/// 过滤标记/// </summary>/// <param name="NoHTML">包括HTML,脚本,数据 ...

  8. .net 过滤 sql防注入类,省地以后每次都要重新弄!

    /// <summary>    /// 过滤不安全的字符串    /// </summary>    /// <param name="Str"&g ...

  9. 360提供的SQL防注入

    <?php class sqlsafe { private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\ ...

随机推荐

  1. jQuery知识点总结(第六天)

    今天工作繁忙,晚上又和所谓的'朋友',吃了自助烧烤. 但我内心是很抗拒的,不知为了什么,竟然稀奇古怪的答应了下来,竟要去吃饭.我向来不喜欢去凑热闹,特别是和志趣不投的人在一起吃,对方所说的话,自己根本 ...

  2. Rabbitmq -Publish_Subscribe模式- python编码实现

    what is Exchanges ?? Let's quickly go over what we covered in the previous tutorials: A producer is ...

  3. JS-DOM2级事件对象跨浏览器处理(已封装)

    var eventUill = { //添加事件 addHander: function(element, type, handler) { if(element.addEventListener) ...

  4. 深入JVM-java虚拟机的基本结构

    本文将介绍Java虚拟机的基本结构,各组成部分的作用,以及相互之间是如何协调的.而要了解这些,首先必须了解Java堆.Java栈.永久区和元数据区的基本概念. 一.Java虚拟机的架构 1.1 类加载 ...

  5. JQuery 和JavaScript的区别

    Google提供的jquery包: http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js jQuery官方的jquery包: ...

  6. Android学习笔记——ListView

    该工程的功能是实现在一个activity中显示一个列表 以下代码是MainActivity.java中的代码 package com.example.listview; import java.uti ...

  7. 关闭和启动adb服务命令

    在运行中输入 关闭——adb kill-server 重启——adb start-server

  8. Ctrl+Scroll改变所有Editor的缩放比例 (Code::Blocks)

    Settings > Editor > Zooming resizes all editors

  9. css 父层 透明 子层不透明Alpha

    html代码 <div class="user2-register-bg"> <div class="user2-register-con"& ...

  10. 取出return array() 数组内容

    d.php文件 return array( "0" => 内容一, "1" => 内容二, "2" => 内容三, &qu ...