ASP.NET中过滤非法字符串的方法

   /// <summary>过滤SQL非法字符串

    /// 字符串长度不能超过40个,把前后空间都去除
    /// </summary>
    /// <param name="value"></param>
    /// <returns></returns>
    public static string GetSafeSQL(string value)
    {
        if (string.IsNullOrEmpty(value))
            return string.Empty;
        value = value.Trim();
        value = Tool.StringTruncat(value, 40, "");
        value = Regex.Replace(value, @";", string.Empty);
        value = Regex.Replace(value, @"'", string.Empty);
        value = Regex.Replace(value, @"&", string.Empty);
        value = Regex.Replace(value, @"%20", string.Empty);
        value = Regex.Replace(value, @"--", string.Empty);
        value = Regex.Replace(value, @"==", string.Empty);
        value = Regex.Replace(value, @"<", string.Empty);
        value = Regex.Replace(value, @">", string.Empty);
        value = Regex.Replace(value, @"%", string.Empty);
        return value;
    }