KN_CAMP_SOFTWARE_TEST/Code/ClassLib/ZHYQ/Common/SqlInjection.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace FangYar.Common
{
    /// <summary>
    /// 简单的SQL防注入类
    /// </summary>
    public class SqlInjection
    {
        /// <summary>
        /// 关键字过滤
        /// </summary>
        /// <param name="originalString">原始串</param>
        /// <returns>返回True就是找到了可能sql注入的关键字</returns>
        public static bool GetString(string originalString)
        {
            //参考：technet.microsoft.com/zh-cn/library/ms161953.aspx
            if (originalString.IndexOf(";") != -1 || originalString.IndexOf("'") != -1 || originalString.IndexOf("--") != -1 || originalString.IndexOf("/*") != -1 || originalString.IndexOf("*/") != -1 || originalString.IndexOf("xp_cmdshell") != -1)
                return true;
            else
                return false;
        }

    }
}
初始代码提交 9 months ago			`using System;`
			`using System.Collections.Generic;`
			`using System.Linq;`
			`using System.Text;`

			`namespace FangYar.Common`
			`{`
			`/// <summary>`
			`/// 简单的SQL防注入类`
			`/// </summary>`
			`public class SqlInjection`
			`{`
			`/// <summary>`
			`/// 关键字过滤`
			`/// </summary>`
			`/// <param name="originalString">原始串</param>`
			`/// <returns>返回True就是找到了可能sql注入的关键字</returns>`
			`public static bool GetString(string originalString)`
			`{`
			`//参考：technet.microsoft.com/zh-cn/library/ms161953.aspx`
			`if (originalString.IndexOf(";") != -1 \|\| originalString.IndexOf("'") != -1 \|\| originalString.IndexOf("--") != -1 \|\| originalString.IndexOf("/") != -1 \|\| originalString.IndexOf("/") != -1 \|\| originalString.IndexOf("xp_cmdshell") != -1)`
			`return true;`
			`else`
			`return false;`
			`}`

			`}`
			`}`