using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.IO;
using System.Text;
using System.Web.UI.MobileControls;
using System.Collections.Generic;
/// <summary>
///SQLFilter 的摘要说明
/// </summary>
public static class SQLFilter
{
#region SQL注入过滤
/// <summary>
/// SQL注入过滤
/// </summary>
/// <param name="sqlParems">要过滤的参数数组</param>
/// <returns>如果参数存在不安全字符,则返回false</returns>
// 应用示例
// if(TheManagerUtils.SqlFilter(new string[] { "ss","kk" }, this.Page) == false)
// {
// //直接跳转到相应的错误页面
// Response.Redirect("WelfarePage.aspx");
// return;
// }
public static bool SqlFilter(string[] sqlParems, Page p)
{
StringBuilder parems = new StringBuilder();
#region 有关非法数据的相关维护
//常用的SQL恶意字符屏蔽
string sql = "insert|delete|update|select|exec|script";
try
{
//获取配置在Web.config中最新的SQL恶意字符屏蔽
sql = System.Configuration.ConfigurationSettings.AppSettings["
