SQL keyword filtering C # method

/// <summary>///SQL injection Filtering/// </summary>/// <param name= "InText" >the string to filter</param>/// <returns>returns True if the argument has an unsafe character</returns> Public  BOOLSqlfilter (stringInText) {    stringword="And|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join"; if(intext==NULL)        return false; foreach(stringIinchWord. Split ('|'))    {        if(Intext.tolower (). IndexOf (i+" ") >-1)|| (Intext.tolower (). IndexOf (" "+i) >-1))        {            return true; }    }    return false;}

1.
<summary>
Filter unsafe strings
</summary>
<param name= "Str" ></param>
<returns></returns>
public static string Filtesqlstr (String Str)
{

STR = str.replace ("'", "" ");
STR = str.replace ("\" "," ");
STR = Str.replace ("&", "&amp");
STR = Str.replace ("<", "&lt");
STR = Str.replace (">", "&gt");

STR = str.replace ("delete", "");
STR = str.replace ("Update", "");
STR = str.replace ("Insert", "");

return Str;
}

2.

#region filtering the injection script in the SQL statement string
<summary>
Filtering the injection script in the SQL statement string
</summary>
<param name= "source" > Incoming string </param>
<returns> Filtered String </returns>
public static string Sqlfilter (string source)
{
Single quotes replaced with two single quotes
Source = source. Replace ("'", "" ");

Half-width number replaced with full-width seal to prevent multi-statement execution
Source = source. Replace (";", ";");

Half-width brackets are replaced with full-width brackets
Source = source. Replace ("(", "(");
Source = source. Replace (")", ")");

To replace with regular expressions, prevent letters from being case-sensitive////////////////////

Remove the command keyword that executes the stored procedure
Source = source. Replace ("Exec", "");
Source = source. Replace ("Execute", "");

Remove system stored procedures or extended stored procedure keywords
Source = source. Replace ("Xp_", "x P_");
Source = source. Replace ("sp_", "s P_");

Prevent 16-in-binary injection
Source = source. Replace ("0x", "0 x");

return source;
}
#endregion

3.

Filter SQL characters.
</summary>
<param name= "str" > string to filter SQL characters. </param>
<returns> string that has filtered out SQL characters. </returns>
public static string Replacesqlchar (String str)
{
if (str = = String.Empty)
return String.Empty; str = str. Replace ("'", "'");
str = str. Replace (";", ";");
str = str. Replace (",", ",");
str = str. Replace ("?", "?");
str = str. Replace ("<", "" ");
str = str. Replace (">", ">");
str = str. Replace ("(", "(");
str = str. Replace (")", ")");
str = str. Replace ("@", "@");
str = str. Replace ("=", "=");
str = str. Replace ("+", "+");
str = str. Replace ("*", "*");
str = str. Replace ("&", "&");
str = str. Replace ("#", "#");
str = str. Replace ("%", "%");
str = str. Replace ("$", "￥");

return str;
}
4.

<summary>
Filter Marks
</summary>
<param name= "nohtml" > includes HTML, scripts, database keywords, special characters of source code </param>
<returns> has removed the tagged text </returns>
public string nohtml (string htmlstring)
{
if (htmlstring = = null)
{
Return "";
}
Else
{
Delete Script
htmlstring = Regex.Replace (htmlstring, @ "<script[^>]*?>.*?</script>", "", regexoptions.ignorecase);
Delete HTML
htmlstring = Regex.Replace (htmlstring, @ "< (. [ ^>]*) > "," ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "([\ r \ n]) [\s]+", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "-and", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "<!--. *", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (quot| #34);", "\" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (amp| #38);", "&", Regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (lt| #60);", "<", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (gt| #62);", ">", Regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (nbsp| #160);", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (iexcl| #161);", "\xa1", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (cent| #162);", "\xa2", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (pound| #163);", "\xa3", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "& (copy| #169);", "\xa9", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, @ "(\d+);", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "xp_cmdshell", "" ", regexoptions.ignorecase);

Delete a database-related word
htmlstring = Regex.Replace (htmlstring, "select", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "Insert", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "Delete from", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "Count" "," ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "drop table", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "truncate", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "ASC", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "mid", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "char", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "xp_cmdshell", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "exec master", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "net localgroup Administrators", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "and", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "net user", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "or", "", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "net", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "*", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "-", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "delete", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "Drop", "" ", regexoptions.ignorecase);
htmlstring = Regex.Replace (htmlstring, "script", "" ", regexoptions.ignorecase);

Special characters
htmlstring = Htmlstring.replace ("<", "");
htmlstring = Htmlstring.replace (">", "");
htmlstring = Htmlstring.replace ("*", "");
htmlstring = Htmlstring.replace ("-", "" ");
htmlstring = Htmlstring.replace ("?", "");
htmlstring = Htmlstring.replace ("'", "" ");
htmlstring = Htmlstring.replace (",", "");
htmlstring = Htmlstring.replace ("/", "" ");
htmlstring = Htmlstring.replace (";", "");
htmlstring = Htmlstring.replace ("*/", "");
htmlstring = Htmlstring.replace ("\ r \ n", "");
htmlstring = HttpContext.Current.Server.HtmlEncode (htmlstring). Trim ();

return htmlstring;
}
}

5.

Public static bool checkbadword (string str)
{
string pattern = @ " Select|insert|delete|from|count\ (|drop table|update|truncate|asc\ (|mid\ (|char\ (|xp_cmdshell|exec   Master|netlocalgroup administrators|net User|or|and ";
if  (Regex.IsMatch (str, pattern, regexoptions.ignorecase))
Return true;
return false;
}
Public static string filter (string str)
{
string[] pattern ={  " Select ", " Insert ", " delete ", " from ", " count\\ (", " drop table ", " Update ", " Truncate ", " asc\\ (", " mid\\ (", " char\\ (", " xp_cmdshell ", " exec   Master ",   "Netlocalgroup Administrators",  "NET user",  "or",  "and"  };
for  (int i = 0; i < pattern. Length; i++)
{
Str = str. Replace (Pattern[i]. ToString (),  "");
}
Return str;
}

SQL keyword filtering C # method