这篇文章主要讲解了“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”吧!
创新互联建站专注于武平网站建设服务及定制,我们拥有丰富的企业做网站经验。 热诚为您提供武平营销型网站建设,武平网站制作、武平网页设计、武平网站官网定制、微信平台小程序开发服务,打造武平网络公司原创品牌,更为您提供武平网站排名全网营销落地服务。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
namespace BIReportCenter.Utility
{
public class StringHelper
{
#region String length formatter
///
/// 对字符串进行裁剪
///
public static string Trim(string stringTrim, int maxLength)
{
return Trim(stringTrim, maxLength, "...");
}
///
/// 对字符串进行裁剪(区分单字节及双字节字符)
///
/// 需要裁剪的字符串
/// 裁剪的长度,按双字节计数
/// 如果进行了裁剪需要附加的字符
public static string Trim(string rawString, int maxLength, string appendString)
{
if (string.IsNullOrEmpty(rawString) || rawString.Length <= maxLength)
{
return rawString;
}
else
{
int rawStringLength = Encoding.UTF8.GetBytes(rawString).Length;
if (rawStringLength <= maxLength * 2)
return rawString;
}
int appendStringLength = Encoding.UTF8.GetBytes(appendString).Length;
StringBuilder checkedStringBuilder = new StringBuilder();
int appendedLenth = 0;
for (int i = 0; i < rawString.Length; i++)
{
char _char = rawString[i];
checkedStringBuilder.Append(_char);
appendedLenth += Encoding.Default.GetBytes(new char[] { _char }).Length;
if (appendedLenth >= maxLength * 2 - appendStringLength)
break;
}
return checkedStringBuilder.ToString() + appendString;
}
#endregion
#region 特殊字符
///
/// 检测是否有Sql危险字符
///
/// 要判断字符串
/// 判断结果
public static bool IsSafeSqlString(string str)
{
return !Regex.IsMatch(str, @"[-|;|,|\/|||
|
|\}|\{|%|@|\*|!|\']");
}
///
/// 删除SQL注入特殊字符
/// 解然 20070622加入对输入参数sql为Null的判断
///
public static string StripSQLInjection(string sql)
{
if (!string.IsNullOrEmpty(sql))
{
//过滤 ' --
string pattern1 = @"(\%27)|(\')|(\-\-)";
//防止执行 ' or
string pattern2 = @"((\%27)|(\'))\s*((\%6F)|o|(\%4F))((\%72)|r|(\%52))";
//防止执行sql server 内部存储过程或扩展存储过程
string pattern3 = @"\s+exec(\s|\+)+(s|x)p\w+";
sql = Regex.Replace(sql, pattern1, string.Empty, RegexOptions.IgnoreCase);
sql = Regex.Replace(sql, pattern2, string.Empty, RegexOptions.IgnoreCase);
sql = Regex.Replace(sql, pattern3, string.Empty, RegexOptions.IgnoreCase);
}
return sql;
}
public static string SQLSafe(string Parameter)
{
Parameter = Parameter.ToLower();
Parameter = Parameter.Replace("'", "");
Parameter = Parameter.Replace(">", ">");
Parameter = Parameter.Replace("<", "<");
Parameter = Parameter.Replace("\n", "
");
Parameter = Parameter.Replace("\0", "·");
return Parameter;
}
///
/// 清除xml中的不合法字符
///
///
/// 无效字符:
/// 0x00 - 0x08
/// 0x0b - 0x0c
/// 0x0e - 0x1f
///
public static string CleanInvalidCharsForXML(string input)
{
if (string.IsNullOrEmpty(input))
return input;
else
{
StringBuilder checkedStringBuilder = new StringBuilder();
Char[] chars = input.ToCharArray();
for (int i = 0; i < chars.Length; i++)
{
int charValue = Convert.ToInt32(chars[i]);
if ((charValue >= 0x00 && charValue <= 0x08) || (charValue >= 0x0b && charValue <= 0x0c) || (charValue >= 0x0e && charValue <= 0x1f))
continue;
else
checkedStringBuilder.Append(chars[i]);
}
return checkedStringBuilder.ToString();
//string result = checkedStringBuilder.ToString();
//result = result.Replace("�", "");
//return Regex.Replace(result, @"[\u0000-\u0008\u000B\u000C\u000E-\u001A\uD800-\uDFFF]", delegate(Match m) { int code = (int)m.Value.ToCharArray()[0]; return (code > 9 ? "&#" + code.ToString() : "�" + code.ToString()) + ";"; });
}
}
///
/// 改正sql语句中的转义字符
///
public static string mashSQL(string str)
{
return (str == null) ? "" : str.Replace("\'", "'");
}
///
/// 替换sql语句中的有问题符号
///
public static string ChkSQL(string str)
{
return (str == null) ? "" : str.Replace("'", "''");
}
///
/// 判断是否有非法字符
///
///
/// 返回TRUE表示有非法字符,返回FALSE表示没有非法字符。
public static bool CheckBadStr(string strString)
{
bool outValue = false;
if (strString != null && strString.Length > 0)
{
string[] bidStrlist = new string[9];
bidStrlist[0] = "'";
bidStrlist[1] = ";";
bidStrlist[2] = ":";
bidStrlist[3] = "%";
bidStrlist[4] = "@";
bidStrlist[5] = "&";
bidStrlist[6] = "#";
bidStrlist[7] = "\"";
bidStrlist[8] = "net user";
bidStrlist[9] = "exec";
bidStrlist[10] = "net localgroup";
bidStrlist[11] = "select";
bidStrlist[12] = "asc";
bidStrlist[13] = "char";
bidStrlist[14] = "mid";
bidStrlist[15] = "insert";
bidStrlist[19] = "order";
bidStrlist[20] = "exec";
bidStrlist[21] = "delete";
bidStrlist[22] = "drop";
bidStrlist[23] = "truncate";
bidStrlist[24] = "xp_cmdshell";
bidStrlist[25] = "<";
bidStrlist[26] = ">";
string tempStr = strString.ToLower();
for (int i = 0; i < bidStrlist.Length; i++)
{
if (tempStr.IndexOf(bidStrlist[i]) != -1)
//if (tempStr == bidStrlist[i])
{
outValue = true;
break;
}
}
}
return outValue;
}
#endregion
#region Tools
///
/// 去掉最后一个逗号
///
/// 要做处理的字符串
/// 去掉最后一个逗号的字符串
public static string DelLastComma(string String)
{
if (String.IndexOf(",") == -1)
{
return String;
}
return String.Substring(0, String.LastIndexOf(","));
}
///
/// 删除最后一个字符
///
///
///
/// html编码
///
///
///
/// html解码
///
///
///
", "\n").Replace("<", "<").Replace(">", ">").Replace(" ", " ");
return OutputString;
}
#endregion
}
} 感谢各位的阅读,以上就是“C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号”的内容了,经过本文的学习后,相信大家对C#怎么对字符串剪裁、过滤危险字符、替换sql中有问题符号这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是创新互联,小编将为大家推送更多相关知识点的文章,欢迎关注!
