private bool FilterIllegalChar(string sWord) { var result = false; var keyWord = @"select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and"; string StrRegex = @"[-|;|,|/|\(|\)|\[|\]|}|{|%|\@|*|!|']"; if (Regex.IsMatch(sWord, keyWord, RegexOptions.IgnoreCase) || Regex.IsMatch(sWord, StrRegex)) return true; return result; }