Èç¹û´æ´¢¹ý³ÌÊÇÆ´µÄSQL£¬ÄÇôҪ·ÀÖ¹×¢È룬Ôõô°ì£¿

ÊDz»ÊÇÖ»ÄÜÔÚÖ´Ðд洢¹ý³Ì֮ǰÌæ»»µôÃô¸Ð×Ö·ûÁË£¿

---

Ó¦¸ÃÊǵģ¬¿ÉÒÔÓÃÕýÔòÈ¥Ìæ»»

---

ÒýÓÃ

Ó¦¸ÃÊǵģ¬¿ÉÒÔÓÃÕýÔòÈ¥Ìæ»»

µÃ´ç½ø³ßµÄÎÊÏ£¬³ýÁËÌæ»»µ¥ÒýºÅ£¬»¹ÐèÒªÌæ»»ÄÄЩÄØ£¿Ð»Ð»~

---

C# code:

ÎÒ×Ô¼ºÒ»Ö±ÊÇÕâôдµÄ£¬Ï£Íû¶ÔÄãÓÐÆô·¢
#region ¹ýÂË×Ö·û
/// <summary>
/// ¾ßÌåÇé¿öÀ´¶¨Òª¹ýÂ˵Ä×Ö·û
/// </summary>
/// <param name="param">Òª¹ýÂ˵Ä×Ö·û</param>
public static string CheckSaftParam(string param)
{

param = param.Replace("net user", "");
param = param.Replace("xp_cmdshell", "");
param = param.Replace("/add", "");
param = param.Replace("exec%20master.dbo.xp_cmdshell", "");
param = param.Replace("net localgroup administrators", "");
param = param.Replace("select", "");
param = param.Replace("'", "''");
param = param.Replace("insert", "");
param = param.Replace("delete", "");
param = param.Replace("drop", "");
param = param.Replace("truncate", "");