
防止SQL语句注入

2012-12-25 
防止SQL语句注入:下面的 Filter 方法用于过滤 SQL 非法字符串。

防止SQL语句注入

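/// <summary>
/// Strips a fixed deny-list of character sequences
/// (; ' &amp; %20 -- == &lt; &gt; %) from <paramref name="value"/>.
/// </summary>
/// <remarks>
/// Removal is repeated until the text stops changing, so a listed sequence that
/// only comes together after another one has been deleted is removed as well.
/// This filter is a supplementary measure only: it also strips these characters
/// from legitimate data (an apostrophe in a name, for example) and does not make
/// string-built SQL safe. Pass user input to the database through parameterized
/// commands (for example <c>SqlCommand.Parameters</c>) instead of concatenating
/// it into the statement text.
/// </remarks>
/// <param name="value">Text to clean; may be null or empty.</param>
/// <returns>
/// The text with every listed sequence removed, or an empty string when
/// <paramref name="value"/> is null or empty.
/// </returns>
public static string Filter(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // Same sequences, in the same order, as the original chain of replacements.
    string[] blocked = { ";", "'", "&", "%20", "--", "==", "<", ">", "%" };

    string previous;
    do
    {
        previous = value;
        foreach (string token in blocked)
        {
            // String.Replace(string, string) is an ordinal, literal replacement.
            value = value.Replace(token, string.Empty);
        }
    }
    // Each pass can only shorten the text, so an unchanged length means nothing
    // on the list is left and the loop is guaranteed to end.
    while (value.Length != previous.Length);

    return value;
}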

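/// <summary>
/// Strips a fixed deny-list of character sequences
/// (; ' &amp; %20 -- == &lt; &gt; %) from <paramref name="value"/>.
/// </summary>
/// <remarks>
/// Removal is repeated until the text stops changing, so a listed sequence that
/// only comes together after another one has been deleted is removed as well.
/// This filter is a supplementary measure only: it also strips these characters
/// from legitimate data (an apostrophe in a name, for example) and does not make
/// string-built SQL safe. Pass user input to the database through parameterized
/// commands (for example <c>SqlCommand.Parameters</c>) instead of concatenating
/// it into the statement text.
/// </remarks>
/// <param name="value">Text to clean; may be null or empty.</param>
/// <returns>
/// The text with every listed sequence removed, or an empty string when
/// <paramref name="value"/> is null or empty.
/// </returns>
public static string Filter(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // Same sequences, in the same order, as the original chain of replacements.
    string[] blocked = { ";", "'", "&", "%20", "--", "==", "<", ">", "%" };

    string previous;
    do
    {
        previous = value;
        foreach (string token in blocked)
        {
            // String.Replace(string, string) is an ordinal, literal replacement.
            value = value.Replace(token, string.Empty);
        }
    }
    // Each pass can only shorten the text, so an unchanged length means nothing
    // on the list is left and the loop is guaranteed to end.
    while (value.Length != previous.Length);

    return value;
}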
