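/// <summary>
/// Strips a fixed list of SQL keywords and metacharacters from <paramref name="WithBadChars"/>.
/// </summary>
/// <remarks>
/// SECURITY NOTE (review): this is a blacklist filter and cannot be made complete -- tokens such as
/// "union", "/*", "char(", hex/unicode-encoded payloads and stacked comments are not listed, and the
/// filter also mangles legitimate text ("selection" becomes "ion", "O'Brien" loses its apostrophe).
/// Any query that consumes the returned value must still be built with parameterized commands
/// (SqlParameter / DbParameter); treat this method as defence in depth only, never as the sanitizer.
///
/// Two bypasses present in the earlier version are closed here: matching is now case-insensitive
/// ("SELECT" used to pass through untouched), and removal is repeated until nothing changes, so that
/// nesting a keyword inside itself ("seselectlect" -> "select" after one pass) no longer works.
/// </remarks>
/// <param name="WithBadChars">Untrusted input. Must not be null.</param>
/// <returns>The input with every listed token removed, case-insensitively, until a fixpoint is reached.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="WithBadChars"/> is null.</exception>
public string KillSqlInjectionWords(string WithBadChars)
{
    if (WithBadChars == null)
    {
        throw new System.ArgumentNullException("WithBadChars");
    }

    // Order matters for the per-pass result only; the outer fixpoint loop makes the final
    // output independent of which token happens to expose another one.
    string[] SqlInjectionKeywords = { "select",
        "drop",
        ";",
        "--",
        "insert",
        "delete",
        "xp_",
        "sp_",
        "exec",
        "'"
    };

    string WithoutBadChars = WithBadChars;
    bool removedSomething;
    do
    {
        removedSomething = false;
        for (int i = 0; i < SqlInjectionKeywords.Length; i++)
        {
            string stripped = RemoveAllIgnoreCase(WithoutBadChars, SqlInjectionKeywords[i]);
            // Every removal strictly shortens the string, so a length change is an exact
            // "something was removed" signal and the loop is guaranteed to terminate.
            if (stripped.Length != WithoutBadChars.Length)
            {
                WithoutBadChars = stripped;
                removedSomething = true;
            }
        }
    } while (removedSomething);

    return WithoutBadChars;
}

// Removes every occurrence of token from text, ignoring case. string.Replace(string, string)
// is case-sensitive and its StringComparison overload is not available on .NET Framework,
// so the scan is done with IndexOf(..., OrdinalIgnoreCase) instead.
private static string RemoveAllIgnoreCase(string text, string token)
{
    System.Text.StringBuilder result = new System.Text.StringBuilder(text.Length);
    int pos = 0;
    while (true)
    {
        int hit = text.IndexOf(token, pos, System.StringComparison.OrdinalIgnoreCase);
        if (hit < 0)
        {
            result.Append(text, pos, text.Length - pos);
            return result.ToString();
        }
        result.Append(text, pos, hit - pos);
        pos = hit + token.Length;
    }
}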