using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace FangYar.Common
{
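/// <summary>
/// Extension methods for <see cref="StringBuilder"/> that append a formatted
/// SQL fragment after stripping a fixed list of keywords and quote characters
/// from the substituted value.
/// </summary>
/// <remarks>
/// The keyword blacklist applied here is a best-effort filter, not a reliable
/// defence against SQL injection: it can be evaded and it also damages
/// legitimate values (any value containing "or", such as a surname, loses those
/// letters). The robust mitigation is a parameterised query (e.g. SqlParameter /
/// DbParameter) so that user input is never spliced into SQL text at all. The
/// filter is kept only for backward compatibility with existing callers.
/// </remarks>
public static class StringBuilderExtend
{
    /// <summary>
    /// Appends <paramref name="format"/> to <paramref name="strsql"/>, substituting a
    /// lower-cased, keyword-stripped rendering of <paramref name="prop"/> for <c>{0}</c>.
    /// </summary>
    /// <example>
    /// <code>
    /// StringBuilder sql = new StringBuilder().Append(" select * from UserInfo where 1=1");
    /// sql.AppendFormatWithSafe(" and RealName like '%{0}%'", model.Item.RealName, sql);
    /// </code>
    /// </example>
    /// <param name="thistringbuilder">The builder the method is invoked on; used as the target only when <paramref name="strsql"/> is null.</param>
    /// <param name="format">Composite format string; <c>{0}</c> receives the filtered value.</param>
    /// <param name="prop">The value to substitute. Strings are used directly; other objects are rendered with the invariant culture; null becomes an empty string.</param>
    /// <param name="strsql">The builder that receives the formatted text and is returned.</param>
    /// <returns>The builder that was appended to: <paramref name="strsql"/>, or <paramref name="thistringbuilder"/> when <paramref name="strsql"/> is null.</returns>
    /// <exception cref="ArgumentNullException">Both builders are null, or <paramref name="format"/> is null.</exception>
    public static StringBuilder AppendFormatWithSafe(this StringBuilder thistringbuilder, string format, object prop, StringBuilder strsql)
    {
        // The original always wrote to strsql and ignored the receiver; falling back to the
        // receiver turns a NullReferenceException into useful behaviour for the common
        // "same builder passed twice" call shape shown in the example.
        StringBuilder target = strsql ?? thistringbuilder;
        if (target == null)
        {
            throw new ArgumentNullException("strsql");
        }
        if (format == null)
        {
            throw new ArgumentNullException("format");
        }

        target.AppendFormat(format, Sanitize(prop));
        return target;
    }

    // Substrings removed from the substituted value, in this order. Order matters:
    // each Replace runs once over the output of the previous one.
    private static readonly string[] StrippedTokens =
    {
        "update", "delete", "select", "insert", "from", "or", "'", "@"
    };

    /// <summary>
    /// Lower-cases <paramref name="prop"/>, removes every entry of <see cref="StrippedTokens"/>
    /// and trims the result.
    /// </summary>
    /// <param name="prop">Value to filter; null yields an empty string.</param>
    /// <returns>The filtered, trimmed, lower-case text.</returns>
    private static string Sanitize(object prop)
    {
        string value = prop as string;
        if (value == null && prop != null)
        {
            // Non-string values used to throw InvalidCastException from the (string) cast;
            // render them culture-independently instead so numbers/dates are stable.
            value = Convert.ToString(prop, CultureInfo.InvariantCulture);
        }
        if (value == null)
        {
            value = string.Empty;
        }

        // Invariant lower-casing: a culture-sensitive ToLower() can map "I" differently
        // under some locales, so the ordinal match below would not recognise "insert".
        string filtered = value.ToLowerInvariant();
        foreach (string token in StrippedTokens)
        {
            // string.Replace(string, string) is an ordinal substring removal, so legitimate
            // values containing these letters (e.g. "Morgan") are altered too.
            filtered = filtered.Replace(token, string.Empty);
        }
        return filtered.Trim();
    }
}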
}