ÊDz»ÊÇÖ»ÄÜÔÚÖ´Ðд洢¹ý³Ì֮ǰÌæ»»µôÃô¸Ð×Ö·ûÁË£¿
Ó¦¸ÃÊǵģ¬¿ÉÒÔÓÃÕýÔòÈ¥Ìæ»»
ÒýÓà µÃ´ç½ø³ßµÄÎÊÏ£¬³ýÁËÌæ»»µ¥ÒýºÅ£¬»¹ÐèÒªÌæ»»ÄÄЩÄØ£¿Ð»Ð»~
C# code:
ÎÒ×Ô¼ºÒ»Ö±ÊÇÕâôдµÄ£¬Ï£Íû¶ÔÄãÓÐÆô·¢
#region ¹ýÂË×Ö·û
/// <summary>
/// ¾ßÌåÇé¿öÀ´¶¨Òª¹ýÂ˵Ä×Ö·û
/// </summary>
/// <param name="param">Òª¹ýÂ˵Ä×Ö·û</param>
public static string CheckSaftParam(string param)
{
param = param.Replace("net user", "");
param = param.Replace("xp_cmdshell", "");
param = param.Replace("/add", "");
param = param.Replace("exec%20master.dbo.xp_cmdshell", "");
param = param.Replace("net localgroup administrators", "");
param = param.Replace("select", "");
param = param.Replace("'", "''");
param = param.Replace("insert", "");
param = param.Replace("delete", "");
param = param.Replace("drop", "");
param = param.Replace("truncate", "");
