1790429840
/
KN_CAMP_SOFTWARE_TEST
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
软测单独项目
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
1 Branch
0 Tags
273 MiB
 
 
 
 
 
 
Tree: 3491ad9303
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3491ad9303'
${ noResults }
KN_CAMP_SOFTWARE_TEST/Code/ClassLib/ZHYQ/Common/StringBuilderExtend.cs

43 lines
1.4 KiB
Raw Blame History

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace FangYar.Common
{
/// <summary>
/// 扩展StringBuilder方法
/// 防止Sql注入
/// </summary>
public static class StringBuilderExtend
{
/// <summary>
///使用方法:StringBuilder sql = new StringBuilder().Append(" select * from UserInfo where 1=1");
///sql.AppendFormatWithSafe(" and RealName like '%{0}%'", model.Item.RealName, sql);
/// </summary>
/// <param name="thistringbuilder">StringBuilder对象</param>
/// <param name="format">format字符串</param>
/// <param name="prop">属性字段</param>
/// <param name="strsql">sql字符串</param>
/// <returns></returns>
public static StringBuilder AppendFormatWithSafe(this StringBuilder thistringbuilder, string format, object prop, StringBuilder strsql)
{
strsql.AppendFormat(format,
((string)prop)
.ToLower()
.Replace("update", "")
.Replace("delete", "")
.Replace("select", "")
.Replace("insert", "")
.Replace("from", "")
.Replace("or", "")
.Replace("'", "")
.Replace("@", "")
.Trim()
);
return strsql;
}
}
}