將字符串安全轉換成可安全合成 SQL 語句的值



    將字符串安全轉換成可安全合成 SQL 語句的值:
    public static string dfstrtosql(string str)
    {
    str = str.tolower();
    str = str.replace(', '');
    str = str.replace(;--, );
    str = str.replace(select, );
    str = str.replace( or , );
    str = str.replace( and , );
    str = str.replace(insert, );
    str = str.replace(update, );
    str = str.replace(delete, );
    str = str.replace(from, );
    str = str.replace(exec master, );
    str = str.replace(group administrators, );
    str = str.replace(xp_cmdshell, );
    str = str.replace(drop table, );
    str = str.replace(truncate, );
    return str;
    }