.NET 防止数据注入

把以下代码放入 global.asax 中
        protected void Application_BeginRequest(Object sender, EventArgs e)
        
{
            StartProcessRequest();
        }
        private void StartProcessRequest()
        
{
            
try
            
{
                
string sqlErrorPage = "Error.aspx";//转向的错误提示页面 
                if (System.Web.HttpContext.Current.Request.QueryString != null)
                
{

                    
string url = Request.Url.ToString();
                    
if (!ProcessSqlStr(url))
                    
{
                        Response.Redirect(sqlErrorPage);
                    }


                }

                
if (System.Web.HttpContext.Current.Request.Form != null)
                
{
                        System.Collections.Specialized.NameObjectCollectionBase.KeysCollection getkeys 
= System.Web.HttpContext.Current.Request.Form.Keys;
                    
                        
for (int j = 0; j < getkeys.Count; j++)
                        
{
                            
                            
if (getkeys[j] == "__VIEWSTATE"continue;
                            
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys[j]]))
                            
{
                                System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
                                System.Web.HttpContext.Current.Response.End();
                            }


                        }

                }

            }

            
catch
            
{
                
// 错误处理: 处理用户提交信息! 
            }

        }

        
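/// <summary>
/// Heuristic check for SQL keywords in a single request value.
/// </summary>
/// <remarks>
/// This is a case-insensitive substring blacklist, not an injection defense. Parameterized
/// queries (SqlParameter) are the control that actually prevents SQL injection; this filter
/// only adds a coarse pre-check on top. It rejects ordinary input that happens to contain one
/// of the words (e.g. "Alexander" contains "and", "pyramid" contains "mid", any "*"), and a
/// blacklist can be evaded, so it must not be relied on alone.
/// </remarks>
/// <param name="Str">The value to inspect; null and blank values contain nothing and pass.</param>
/// <returns>false when a blacklisted keyword occurs anywhere in <paramref name="Str"/>, otherwise true.</returns>
private bool ProcessSqlStr(string Str)
{
    // A null value used to throw inside a bare try/catch and be reported as a hit (false).
    // An absent value cannot carry a keyword, so treat it exactly like "".
    if (Str == null || Str.Trim().Length == 0)
    {
        return true;
    }

    // '¦' (broken bar) is the separator the list was written with; kept byte-for-byte.
    string sqlStr = "and¦exec¦insert¦select¦delete¦update¦count¦*¦chr¦mid¦master¦truncate¦char¦declare";
    string[] anySqlStr = sqlStr.Split('¦');

    foreach (string keyword in anySqlStr)
    {
        // Ordinal comparison: ToLower() + IndexOf(string) were culture-sensitive, so the
        // outcome depended on the server's culture (e.g. "I" does not lower-case to "i"
        // under tr-TR). OrdinalIgnoreCase gives the same answer everywhere.
        if (Str.IndexOf(keyword, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return false;
        }
    }

    return true;
}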
原文地址:https://www.cnblogs.com/weichuo/p/1205891.html