一套基于asp.net的安全校验机制应用模型 !
using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.IO;
using System.Text;
using System.Web.UI.MobileControls;
using System.Collections.Generic;
/// <summary>
///SQLFilter 的摘要说明
/// </summary>
public static class SQLFilter
{
#region SQL注入过滤
/// <summary>
/// SQL注入过滤
/// </summary>
/// <param name="sqlParems">要过滤的参数数组</param>
/// <returns>如果参数存在不安全字符,则返回false</returns>
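// NOTE(review): keyword matching of this kind is only a supplementary check; queries built
// from these parameters should still be parameterized, which is the primary defense.
// 应用示例
// if(TheManagerUtils.SqlFilter(new string[] { "ss","kk" }, this.Page) == false)
// {
// //直接跳转到相应的错误页面
// Response.Redirect("WelfarePage.aspx");
// return;
// }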
public static bool SqlFilter(string[] sqlParems, Page p)
{
StringBuilder parems = new StringBuilder();
#region 有关非法数据的相关维护
//常用的SQL恶意字符屏蔽
string sql = "insert|delete|update|select|exec|script";
try
{
//获取配置在Web.config中最新的SQL恶意字符屏蔽
sql = System.Configuration.ConfigurationSettings.AppSettings["
相关文档:
protected
void Page_Load(object sender, EventArgs e)
{
try
{
//query the pdf path
& ......
关于页面传值的方法,引发了很多讨论。看来有很多人关注这个,我就我个人观点做了些总结,希望对大家有所帮助。
1. 使用QueryString变量
QueryString是一种非常简单的传值方式,他可以将传送的值显示在浏览器的地址栏中。如果是传递一个或多个安全性要求不高或是结构简单的数值时,可以使用这个方法。但是对于传 ......
ASP.NET编程模型中ASP.NET页面生命周期是指什么呢?它包括什么呢?ASP.NET编程模型之ASP.NET页面生命周期具体的过程有哪些呢?下面就开始我们的讲解吧:
ASP.NET 页运行时,此页将经历一个生命周期,在生命周期中将执行一系列处理步骤。这些步骤包括初始化、实例化控件、还原和维护状态、运行事件处理程序代码以及进行呈现 ......
ASP.NET组件设计之生命周期是什么呢?让我们来看看:
当一个ASP.NET页面被请求后,一个page实例被生成,开始自己的逻辑,最终返回HTML流给用户端。构成逻辑处理的是page中存在的服务器端控件以及控件间的交互,并且在页面结束前服务器控件们被销毁(视.net的回收策略而定)。那么这些控件在短短的页面处理过程中经历了创建 ......
--aspx文件
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="NetWork.aspx.cs" Inherits="NetWork" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<he ......