[英]How do I replace unknown characters in a string? Wildcard?
I have a string .. let's say: 我有一个字符串..可以说:
string MyString = "SELECT Stuff FROM Table WHERE Code = "Foo" AND DATE=20120101";
I want to replace 20120101
with a ?
我想将
20120101
替换为?
. 。 But, the
20120101
string I search for won't always be the same. 但是,我搜索的
20120101
字符串并不总是相同的。 It will always start with a 2
, and always contain 8 characters. 它始终以
2
开头,并且始终包含8个字符。 It may be 20121225, 20130510, etc. 可能是20121225、20130510等。
Can I use wildcards somehow? 我可以以某种方式使用通配符吗? As in:
如:
string Fixed = MyString.Replace("2*******", "?");
What I'm looking for is this result: 我正在寻找的是这个结果:
MyString = "SELECT Stuff FROM Table WHERE Code = "Foo" AND DATE=?";
You can use RegEx: 您可以使用RegEx:
Regex.Replace(input,@"DATE=""\d*""", "?");
However, if this is a SQL query, it would be better to use a parameterized query to avoid SQL injection attacks and so forth. 但是,如果这是SQL查询,则最好使用参数化查询来避免SQL注入攻击等。 It's the industry standard way of doing these kinds of things.
这是做这些事情的行业标准方法。
string Fixed = Regex.Replace( MyString, @"DATE=2\d{7}", "DATE=?" );
或者,使用正向后看
Replace( MyString, @"(?<=DATE=)2\d{7}", "?" );
A regex that matches the entire string would probably be ideal for preventing SQL injection attacks. 与整个字符串匹配的正则表达式可能是防止SQL注入攻击的理想选择。 To accomplish this you will use the start of line (
^
) and end of line ( $
) characters. 为此,您将使用行首(
^
)和行尾( $
)字符。
This will match something which is 5 or 6 digits long, and capture everything besides the first. 这将匹配5或6位数字的长度,并捕获除第一个数字外的所有内容。
^([0-9])([0-9]{4,5})$
If you want to capture something that starts with 2, and is always 6 digits long; 如果要捕获以2开头且始终为6位数长的内容; you could use
2
instead of the character class: 您可以使用
2
代替字符类:
^(2)([0-9]{5})$
This technique will not allow you to use the replace method directly, you will need to extract the capture groups 1 and 2, replace all the characters in group 2 with ?, and then concatenate them. 此技术不允许您直接使用replace方法,您需要提取捕获组1和2,将捕获组2中的所有字符替换为?,然后将它们连接起来。 Something like:
就像是:
matcher.group(1) + Regex.replace(m.group(2) , ".", "?")
Again, not carefully matching the entire string will result in SQL injection. 同样,不仔细匹配整个字符串将导致SQL注入。
The input, (DELETE * FROM Users Where 1=1) 200000
, would match these regex, and be merrily inserted into your SQL query as: (DELETE * FROM Users Where 1=1) 2?????
输入
(DELETE * FROM Users Where 1=1) 200000
将与这些正则表达式匹配,并以下列方式愉快地插入您的SQL查询: (DELETE * FROM Users Where 1=1) 2?????
You could use the Regex replace method: 您可以使用Regex替换方法:
string oldstring = "20120101";
string newstring = Regex.Replace(oldstring, @"^2[0-9]{7}", "?");
So is this what you are looking for? 那是您要找的东西吗?
string MyString = "SELECT Stuff FROM Table WHERE Code = {0} AND DATE={1}";
This will allow you to use the same string with whatever you want in {0} and {1} with something like: 这将使您可以对{0}和{1}中的任何内容使用相同的字符串,例如:
String.Format(MyString, codeString, dateString);
You can reuse the query string with whichever parameters you'd like. 您可以根据需要使用任何参数重复使用查询字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.