asp.net 防字符串注入方法

时间:2008-08-11 03:05:03  类别:ASP  作者:菜菜

CODE: 


#region 替换特殊字符
    /// <summary>
    /// 特殊字符串替换
    /// </summary>
    public static string repString(string strTemp)
    {
      if (strTemp == null)
        strTemp = "";
      strTemp = strTemp.Replace(" ", "");
      strTemp = strTemp.Replace("*", "");
      strTemp = strTemp.Replace("?", "");
      strTemp = strTemp.Replace("#", "");
      strTemp = strTemp.Replace("@", "");
      strTemp = strTemp.Replace("^", "");
      strTemp = strTemp.Replace("&", "");
      strTemp = strTemp.Replace("+", "");
      strTemp = strTemp.Replace("-", "");
      strTemp = strTemp.Replace("(", "");
      strTemp = strTemp.Replace(")", "");
      strTemp = strTemp.Replace("!", "");
      strTemp = strTemp.Replace("`", "");
      strTemp = strTemp.Replace("~", "");
      strTemp = strTemp.Replace("<", "");
      strTemp = strTemp.Replace(">", "");
      strTemp = strTemp.Replace("'", "");
      strTemp = strTemp.Replace("\"", "");
      strTemp = strTemp.Replace("\\", "");
      strTemp = strTemp.Replace("|", "");
      strTemp = strTemp.Replace("=", "");
      strTemp = strTemp.Replace(",", "");
      return strTemp;
    }
    #endregion

#region 删除html格式
    /// <summary>
    /// 替换html特殊字符
    /// </summary>
    /// <param name="strContent"></param>
    /// <returns></returns>
    public static string repHtml(string strContent)
    {
      strContent = strContent.Replace("&", "&amp");
      strContent = strContent.Replace("´", "´´");
      strContent = strContent.Replace("<", "&lt");
      strContent = strContent.Replace(">", "&gt");
      strContent = strContent.Replace("chr(60)", "&lt");
      strContent = strContent.Replace("chr(37)", "&gt");
      strContent = strContent.Replace("\"", "&quot");
      strContent = strContent.Replace(";", ";");
      strContent = strContent.Replace("\n", "<br />");
      strContent = strContent.Replace(" ", "&nbsp");
      return strContent;
    }
    /// <summary>
    /// 清除html特殊字符
    /// </summary>
    /// <param name="strContent"></param>
    /// <returns></returns>
    public static string clearHtml(string strContent)
    {
      strContent = strContent.Replace("&", "");
      strContent = strContent.Replace("´", "");
      strContent = strContent.Replace("<", "");
      strContent = strContent.Replace(">", "");
      strContent = strContent.Replace("chr(60)", "");
      strContent = strContent.Replace("chr(37)", "");
      strContent = strContent.Replace("\"", "");
      strContent = strContent.Replace(";", "");
      strContent = strContent.Replace("\n", "<br/>");
      strContent = strContent.Replace("\\", "");
      return strContent;
    }
    #endregion

