void Application_BeginRequest(object source, EventArgs e)
{
COMP.ProcessRequest pr = new COMP.ProcessRequest();
pr.StartProcessRequest();
}
comp里面有文件ProcessRequest.cs代码如下
public class ProcessRequest
{
SQL注入式攻击代码分析#region SQL注入式攻击代码分析 /**//// <summary>
/// 处理用户提交的请求
/// </summary> public void StartProcessRequest() { try { string getkeys = ""; string sqlErrorPage = "/"; if (System.Web.HttpContext.Current.Request.QueryString != null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i]; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys].ToLower())) { System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage); System.Web.HttpContext.Current.Response.End(); } } } //if (System.Web.HttpContext.Current.Request.Form != null) //{ // for(int i=0;i<System.Web.HttpContext.Current.Request.Form.Count;i++) // { // getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i]; // if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys].ToLower())) // { // System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage); // System.Web.HttpContext.Current.Response.End(); // } // } //} } catch { // 错误处理: 处理用户提交信息! } } /**//// <summary> /// 分析用户请求是否正常 /// </summary> /// <param name="Str">传入用户提交数据</param> /// <returns>返回是否含有SQL注入式攻击代码</returns> private bool ProcessSqlStr(string Str) { bool ReturnValue = true; try { if (Str != "" && Str != null) { string SqlStr = ""; if (SqlStr == "" || SqlStr == null) { SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare"; } string[] anySqlStr = SqlStr.Split('|'); foreach (string ss in anySqlStr) { if (Str.IndexOf(ss) >= 0) { ReturnValue = false; } } } } catch { ReturnValue = false; } return ReturnValue; } #endregion
}comp下载地址:点此