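C#替换特殊字符防SQL注入
注意:替换或删除特殊字符属于黑名单过滤,不能可靠地防止SQL注入,还会改动合法输入(例如姓名中的单引号、文本中的逗号会被直接删掉)。下面的方法只宜作为辅助手段,访问数据库时应优先使用参数化查询(如 SqlParameter)。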
am name="str"></param>/// <returns></returns>public string ReplaceSQLChar(string str){ if (string.IsNullOrEmpty(str)) return ""; str = str.Replace("'", ""); str = str.Replace(";", ""); str = str.Replace(",", ""); str = str.Replace("?", ""); str = str.Replace("<", ""); s