/// <summary>

/// Sql注入校验

/// </summary>

/// <param name="listWord">字符</param>

/// <returns>是否成功</returns>

public static bool CheckSqlInjuect(List<string> listWord)

{

//过滤关键字

string StrKeyWord = @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";

//过滤关键字符

string StrRegex = @"[-|;|,|/|\(|\)|\[|\]|}|{|%|\@|*|!|']";

foreach (var item in listWord)

{

if (Regex.IsMatch(item, StrKeyWord, RegexOptions.IgnoreCase) || Regex.IsMatch(item, StrRegex))

return false;

}

return true;

}