<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>无标题页 </title>
</head>
<body>
<form id="form1" runat="server">
<asp:TextBox ID="TextBox1" runat="server" Width="298px" TextMode="multiLine"> </asp:TextBox>
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />
</form>
</body>
</html>
后台:
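/// <summary>
/// Encodes user-supplied text so it can be written into an HTML page as
/// literal text: markup-significant characters become character entities
/// and line feeds become <c>&lt;br /&gt;</c>.
/// </summary>
/// <param name="strFromText">Raw text, for example the value of a text box.</param>
/// <returns>
/// The encoded text. <c>null</c> and the empty string are returned unchanged.
/// </returns>
/// <remarks>
/// Despite its name, this is an HTML output encoder, not a SQL defence.
/// Substituting characters does not make a value safe to concatenate into a
/// SQL statement; values that go to a database should be bound as command
/// parameters, and this encoding applied only when the text is rendered.
///
/// NOTE(review): in the listing this was taken from, every replacement
/// string was identical to its search string (and two were not valid string
/// literals), which looks like the page renderer decoded the entities. The
/// entities below are a reconstruction - confirm against the original file.
/// </remarks>
public static string SqlInsertEncode(string strFromText)
{
    if (System.String.IsNullOrEmpty(strFromText))
    {
        return strFromText;
    }

    // Single pass over the input: each character is encoded exactly once, so
    // the '&' and ';' of an entity emitted here are never re-processed.
    System.Text.StringBuilder encoded = new System.Text.StringBuilder(strFromText.Length + 16);
    foreach (char ch in strFromText)
    {
        switch (ch)
        {
            // Not in the original list. Without it, entity text typed by the
            // user passes through and is interpreted by the browser.
            case '&': encoded.Append("&amp;"); break;

            // Characters that can open or close markup or attribute values.
            case '<': encoded.Append("&lt;"); break;
            case '>': encoded.Append("&gt;"); break;
            case '"': encoded.Append("&quot;"); break;
            case '\'': encoded.Append("&#39;"); break;

            // Remaining punctuation the original chose to encode.
            case '!': encoded.Append("&#33;"); break;
            case '$': encoded.Append("&#36;"); break;
            case '*': encoded.Append("&#42;"); break;
            case '(': encoded.Append("&#40;"); break;
            case ')': encoded.Append("&#41;"); break;
            case '-': encoded.Append("&#45;"); break;
            case '+': encoded.Append("&#43;"); break;
            case '|': encoded.Append("&#124;"); break;
            case '\\': encoded.Append("&#92;"); break;

            // Layout: keep runs of spaces and line breaks visible in HTML.
            // NOTE(review): the original had two whitespace replacements whose
            // search strings both appear as a single space in the listing;
            // the second target cannot be recovered - confirm.
            case ' ': encoded.Append("&nbsp;"); break;
            case '\n': encoded.Append("<br />"); break;

            // ';', '@', '=', '/' and ':' were commented out in the original
            // and are therefore passed through unchanged, like everything else.
            default: encoded.Append(ch); break;
        }
    }

    return encoded.ToString();
}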
/// <summary>
/// Click handler for Button1: echoes the content of TextBox1 back into the
/// response after passing it through <c>SqlInsertEncode</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // TextBox1.Text is user-controlled and is written straight into the
    // response, so the encoder is the only thing between the input and the
    // rendered page; it must neutralise every HTML metacharacter.
    string encodedText = SqlInsertEncode(TextBox1.Text);
    Response.Write(encodedText);
}