/**/
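/// <summary>
/// Checks user-submitted text against a list of SQL keywords and a length limit.
/// </summary>
/// <param name="Str">The data submitted by the user.</param>
/// <returns>
/// The input unchanged when it contains none of the blocked keywords and is at most
/// 20 characters long; otherwise an empty string.
/// </returns>
/// <remarks>
/// A keyword blacklist is not a reliable defence against SQL injection. Values that
/// reach a query should still be passed as parameters, never concatenated into SQL text.
/// </remarks>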
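public string ProcessSqlStr(string Str)
{
    // Purpose: return Str unchanged when it passes the keyword and length checks,
    // or "" when it is rejected. Callers receive "" for every rejection reason.
    //
    // SECURITY NOTE: this is a substring blacklist, so it is defence in depth at best.
    // It rejects harmless input that merely contains a keyword ("account" contains
    // "count") and it cannot cover every injection form (quotes, comments, operators
    // such as "or 1=1"). Queries built from this value must still use parameters.
    string[] blockedKeywords =
    {
        "exec", "insert", "select", "delete", "update", "count",
        "chr", "mid", "master", "truncate", "char", "declare"
    };
    const int MaxLength = 20;

    // Fail closed on null. Previously a null argument was swallowed by the catch
    // block and then raised NullReferenceException at the length check.
    if (Str == null)
    {
        return "";
    }

    // Anything longer than the limit is rejected regardless of content.
    if (Str.Length > MaxLength)
    {
        return "";
    }

    foreach (string keyword in blockedKeywords)
    {
        // Ordinal, case-insensitive comparison: the previous ToLower() used the
        // current culture, so under a Turkish locale "INSERT" lower-cased to a
        // dotless-i form and slipped past the "insert" entry.
        if (Str.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return "";
        }
    }

    return Str;
}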