C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号
这篇文章主要讲解了“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”吧!
创新互联建站专注于武平网站建设服务及定制,我们拥有丰富的企业做网站经验。 热诚为您提供武平营销型网站建设,武平网站制作、武平网页设计、武平网站官网定制、微信平台小程序开发服务,打造武平网络公司原创品牌,更为您提供武平网站排名全网营销落地服务。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Text.RegularExpressions; namespace BIReportCenter.Utility { public class StringHelper { #region String length formatter ////// 对字符串进行裁剪 /// public static string Trim(string stringTrim, int maxLength) { return Trim(stringTrim, maxLength, "..."); } ////// 对字符串进行裁剪(区分单字节及双字节字符) /// /// 需要裁剪的字符串 /// 裁剪的长度,按双字节计数 /// 如果进行了裁剪需要附加的字符 public static string Trim(string rawString, int maxLength, string appendString) { if (string.IsNullOrEmpty(rawString) || rawString.Length <= maxLength) { return rawString; } else { int rawStringLength = Encoding.UTF8.GetBytes(rawString).Length; if (rawStringLength <= maxLength * 2) return rawString; } int appendStringLength = Encoding.UTF8.GetBytes(appendString).Length; StringBuilder checkedStringBuilder = new StringBuilder(); int appendedLenth = 0; for (int i = 0; i < rawString.Length; i++) { char _char = rawString[i]; checkedStringBuilder.Append(_char); appendedLenth += Encoding.Default.GetBytes(new char[] { _char }).Length; if (appendedLenth >= maxLength * 2 - appendStringLength) break; } return checkedStringBuilder.ToString() + appendString; } #endregion #region 特殊字符 ////// 检测是否有Sql危险字符 /// /// 要判断字符串 ///判断结果 public static bool IsSafeSqlString(string str) { return !Regex.IsMatch(str, @"[-|;|,|\/||| | |\}|\{|%|@|\*|!|\']"); } ////// 删除SQL注入特殊字符 /// 解然 20070622加入对输入参数sql为Null的判断 /// public static string StripSQLInjection(string sql) { if (!string.IsNullOrEmpty(sql)) { //过滤 ' -- string pattern1 = @"(\%27)|(\')|(\-\-)"; //防止执行 ' or string pattern2 = @"((\%27)|(\'))\s*((\%6F)|o|(\%4F))((\%72)|r|(\%52))"; //防止执行sql server 内部存储过程或扩展存储过程 string pattern3 = @"\s+exec(\s|\+)+(s|x)p\w+"; sql = Regex.Replace(sql, pattern1, string.Empty, RegexOptions.IgnoreCase); sql = Regex.Replace(sql, pattern2, string.Empty, RegexOptions.IgnoreCase); sql = Regex.Replace(sql, pattern3, string.Empty, RegexOptions.IgnoreCase); } return sql; } public static string SQLSafe(string Parameter) { Parameter = Parameter.ToLower(); Parameter = Parameter.Replace("'", ""); Parameter = Parameter.Replace(">", ">"); Parameter = Parameter.Replace("<", "<"); Parameter = Parameter.Replace("\n", "
"); Parameter = Parameter.Replace("\0", "·"); return Parameter; } ////// 清除xml中的不合法字符 /// ////// 无效字符: /// 0x00 - 0x08 /// 0x0b - 0x0c /// 0x0e - 0x1f /// public static string CleanInvalidCharsForXML(string input) { if (string.IsNullOrEmpty(input)) return input; else { StringBuilder checkedStringBuilder = new StringBuilder(); Char[] chars = input.ToCharArray(); for (int i = 0; i < chars.Length; i++) { int charValue = Convert.ToInt32(chars[i]); if ((charValue >= 0x00 && charValue <= 0x08) || (charValue >= 0x0b && charValue <= 0x0c) || (charValue >= 0x0e && charValue <= 0x1f)) continue; else checkedStringBuilder.Append(chars[i]); } return checkedStringBuilder.ToString(); //string result = checkedStringBuilder.ToString(); //result = result.Replace("�", ""); //return Regex.Replace(result, @"[\u0000-\u0008\u000B\u000C\u000E-\u001A\uD800-\uDFFF]", delegate(Match m) { int code = (int)m.Value.ToCharArray()[0]; return (code > 9 ? "" + code.ToString() : "�" + code.ToString()) + ";"; }); } } ////// 改正sql语句中的转义字符 /// public static string mashSQL(string str) { return (str == null) ? "" : str.Replace("\'", "'"); } ////// 替换sql语句中的有问题符号 /// public static string ChkSQL(string str) { return (str == null) ? "" : str.Replace("'", "''"); } ////// 判断是否有非法字符 /// /// ///返回TRUE表示有非法字符,返回FALSE表示没有非法字符。 public static bool CheckBadStr(string strString) { bool outValue = false; if (strString != null && strString.Length > 0) { string[] bidStrlist = new string[9]; bidStrlist[0] = "'"; bidStrlist[1] = ";"; bidStrlist[2] = ":"; bidStrlist[3] = "%"; bidStrlist[4] = "@"; bidStrlist[5] = "&"; bidStrlist[6] = "#"; bidStrlist[7] = "\""; bidStrlist[8] = "net user"; bidStrlist[9] = "exec"; bidStrlist[10] = "net localgroup"; bidStrlist[11] = "select"; bidStrlist[12] = "asc"; bidStrlist[13] = "char"; bidStrlist[14] = "mid"; bidStrlist[15] = "insert"; bidStrlist[19] = "order"; bidStrlist[20] = "exec"; bidStrlist[21] = "delete"; bidStrlist[22] = "drop"; bidStrlist[23] = "truncate"; bidStrlist[24] = "xp_cmdshell"; bidStrlist[25] = "<"; bidStrlist[26] = ">"; string tempStr = strString.ToLower(); for (int i = 0; i < bidStrlist.Length; i++) { if (tempStr.IndexOf(bidStrlist[i]) != -1) //if (tempStr == bidStrlist[i]) { outValue = true; break; } } } return outValue; } #endregion #region Tools ////// 去掉最后一个逗号 /// /// 要做处理的字符串 ///去掉最后一个逗号的字符串 public static string DelLastComma(string String) { if (String.IndexOf(",") == -1) { return String; } return String.Substring(0, String.LastIndexOf(",")); } ////// 删除最后一个字符 /// /// ///public static string ClearLastChar(string str) { return (str == "") ? "" : str.Substring(0, str.Length - 1); } /// /// html编码 /// /// ///public static string html_text(string chr) { if (chr == null) return ""; chr = chr.Replace("'", "''"); chr = chr.Replace("<", "<"); chr = chr.Replace(">", ">"); return (chr); } /// /// html解码 /// /// ///public static string text_html(string chr) { if (chr == null) return ""; chr = chr.Replace("<", "<"); chr = chr.Replace(">", ">"); return (chr); } public static bool JustifyStr(string strValue) { bool flag = false; char[] str = "^<>'=&*, ".ToCharArray(0, 8); for (int i = 0; i < 8; i++) { if (strValue.IndexOf(str[i]) != -1) { flag = true; break; } } return flag; } public static string CheckOutputString(string key) { string OutputString = string.Empty; OutputString = key.Replace("
", "\n").Replace("<", "<").Replace(">", ">").Replace(" ", " "); return OutputString; } #endregion } }
感谢各位的阅读,以上就是“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”的内容了,经过本文的学习后,相信大家对C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是创新互联,小编将为大家推送更多相关知识点的文章,欢迎关注!
分享标题:C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号
本文URL:http://pwwzsj.com/article/jidgss.html