Ò»Ì×»ùÓÚasp.netµÄ°²È«Ð£Ñé»úÖÆÓ¦ÓÃÄ£ÐÍ £¡

using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.IO;
using System.Text;
using System.Web.UI.MobileControls;
using System.Collections.Generic;
/// <summary>
///SQLFilter µÄժҪ˵Ã÷
/// </summary>
public static class SQLFilter
{
    #region SQL×¢Èë¹ýÂË
    /// <summary>
    /// SQL×¢Èë¹ýÂË
    /// </summary>
    /// <param name="sqlParems">Òª¹ýÂ˵IJÎÊýÊý×é</param>
    /// <returns>Èç¹û²ÎÊý´æÔÚ²»°²È«×Ö·û£¬Ôò·µ»Øfalse</returns>
    // Ó¦ÓÃʾÀý
    // if(TheManagerUtils.SqlFilter(new string[] { "ss","kk" }, this.Page) == false)
    // {
    //     //Ö±½ÓÌøתµ½ÏàÓ¦µÄ´íÎóÒ³Ãæ
    //     Response.Redirect("WelfarePage.aspx");
    //     return;
    // }
    public static bool SqlFilter(string[] sqlParems, Page p)
    {
        StringBuilder parems = new StringBuilder();
        #region ÓйطǷ¨Êý¾ÝµÄÏà¹Øά»¤
        //³£ÓõÄSQL¶ñÒâ×Ö·ûÆÁ±Î
        string sql = "insert|delete|update|select|exec|script";
        try
        {
            //»ñÈ¡ÅäÖÃÔÚWeb.configÖÐ×îеÄSQL¶ñÒâ×Ö·ûÆÁ±Î
            sql = System.Configuration.ConfigurationSettings.AppSettings["