
ASP.NET 替换字符 防SQL注入

热度:571   发布时间:2012-08-29 08:40:14.0
ASP.NET 替换字符 防SQL注入

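/// <summary>
/// Lower-cases the input and strips a fixed denylist of punctuation and
/// SQL-related keywords from it.
/// </summary>
/// <remarks>
/// This is a denylist filter, not a SQL injection defence in its own right.
/// Queries built from user input should use parameterized commands (for
/// example <c>SqlCommand</c> with <c>SqlParameter</c>); treat this method as
/// an extra layer at most.
/// The filter is lossy: it lower-cases the text and removes the listed
/// substrings wherever they occur, including inside ordinary words, and it
/// strips "." and "@", so values such as e-mail addresses do not survive it.
/// </remarks>
/// <param name="str">The text to filter; may be null or empty.</param>
/// <returns>
/// The filtered, lower-cased text, or an empty string when
/// <paramref name="str"/> is null or empty.
/// </returns>
public static string GetStr(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return "";
    }

    // Same tokens, in the same order, as the original chain of Replace calls.
    // The listing repeated ",", "@" and "'" twice; the repeats are dropped here.
    // NOTE(review): the repeats were presumably full-width or entity variants
    // lost in the page's encoding - confirm against the original source.
    // ".js" is omitted because "." is removed before it could ever match.
    string[] blocked =
    {
        ",", "'", "‘", "’", "@", ".", "。",
        " ",            // spaces
        "<", ">",       // angle brackets
        ";", "&", "%20", "--", "==", "%",
        // Keyword filters added 2009-06-30.
        "declare", "set", "update", "shell", "master", "table", "exec",
        "select", "insert", "or", "and", "create", "alter",
        "(", ")",
    };

    // Invariant lower-casing: culture-sensitive ToLower() can map letters
    // differently (e.g. under Turkish casing rules), which would let an
    // upper-case keyword pass the comparisons below unchanged.
    string current = str.ToLowerInvariant();

    // Repeat until nothing more is removed. A single pass can leave a blocked
    // token in the output when deleting one match joins the characters on
    // either side of it. Every removal shortens the string, so an unchanged
    // length means a fixed point and the loop always terminates.
    string previous;
    do
    {
        previous = current;
        foreach (string token in blocked)
        {
            current = current.Replace(token, "");
        }
    }
    while (current.Length != previous.Length);

    return current;
}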
