.net 中的 SQL 防注入代码
在网站中新建 Global.asax，并添加以下方法：
void Application_BeginRequest(object source, EventArgs e)
{
    // Runs the request screen before any handler executes for this request.
    new COMP.ProcessRequest().StartProcessRequest();
}
comp 中的 ProcessRequest.cs 文件代码如下：
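public class ProcessRequest
{
    #region SQL injection pattern check

    // Tokens whose presence (ordinal, case-insensitive) causes a request to be rejected.
    // Hoisted to a static field so the list is not re-split for every query-string key.
    // NOTE(review): a keyword blacklist is not a substitute for parameterized queries.
    // It rejects legitimate input that happens to contain common words ("and", "count",
    // "char", "*") and keyword lists are known to be incomplete on their own; treat it as
    // defence in depth at most, and keep all SQL parameterized at the data-access layer.
    private static readonly string[] s_blacklistedTokens =
        "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare".Split('|');

    /// <summary>
    /// Screens every query-string value of the current request. If any value contains a
    /// blacklisted token the client is redirected to <c>/</c> and the response is ended.
    /// </summary>
    /// <remarks>
    /// Exceptions are intentionally not swallowed: an empty <c>catch</c> around this logic
    /// makes the filter fail open, because any error would let the request through unchecked.
    /// Only the query string is inspected; form fields (POST bodies) are not screened here.
    /// </remarks>
    public void StartProcessRequest()
    {
        const string sqlErrorPage = "/";
        System.Web.HttpContext context = System.Web.HttpContext.Current;
        System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
        if (query == null)
        {
            return;
        }

        for (int i = 0; i < query.Count; i++)
        {
            // Keys[i] can be null for a value without a name ("?abc"); the indexer accepts null.
            string value = query[query.Keys[i]];
            if (!ProcessSqlStr(value))
            {
                context.Response.Redirect(sqlErrorPage);
                context.Response.End();
            }
        }
    }

    /// <summary>
    /// Decides whether a single submitted value is acceptable.
    /// </summary>
    /// <param name="Str">Raw user-submitted value; null or empty is treated as acceptable.</param>
    /// <returns>
    /// <c>true</c> when the value contains none of the blacklisted tokens (the request may
    /// proceed); <c>false</c> when a token was found.
    /// </returns>
    private bool ProcessSqlStr(string Str)
    {
        return !ContainsBlacklistedToken(Str);
    }

    /// <summary>
    /// Returns <c>true</c> when <paramref name="value"/> contains any blacklisted token.
    /// Matching uses <see cref="StringComparison.OrdinalIgnoreCase"/> so the result does not
    /// depend on the thread's current culture (culture-sensitive <c>ToLower()</c> and
    /// <c>IndexOf(string)</c> can miss ASCII keywords under some cultures, e.g. Turkish "I").
    /// </summary>
    /// <param name="value">Value to inspect; null or empty yields <c>false</c>.</param>
    /// <returns><c>true</c> if a blacklisted token occurs anywhere in the value.</returns>
    public static bool ContainsBlacklistedToken(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return false;
        }

        foreach (string token in s_blacklistedTokens)
        {
            if (value.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }

    #endregion
}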
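public class ProcessRequest
{
    #region SQL injection pattern check

    // Tokens whose presence (ordinal, case-insensitive) causes a request to be rejected.
    // Hoisted to a static field so the list is not re-split for every query-string key.
    // NOTE(review): a keyword blacklist is not a substitute for parameterized queries.
    // It rejects legitimate input that happens to contain common words ("and", "count",
    // "char", "*") and keyword lists are known to be incomplete on their own; treat it as
    // defence in depth at most, and keep all SQL parameterized at the data-access layer.
    private static readonly string[] s_blacklistedTokens =
        "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare".Split('|');

    /// <summary>
    /// Screens every query-string value of the current request. If any value contains a
    /// blacklisted token the client is redirected to <c>/</c> and the response is ended.
    /// </summary>
    /// <remarks>
    /// Exceptions are intentionally not swallowed: an empty <c>catch</c> around this logic
    /// makes the filter fail open, because any error would let the request through unchecked.
    /// Only the query string is inspected; form fields (POST bodies) are not screened here.
    /// </remarks>
    public void StartProcessRequest()
    {
        const string sqlErrorPage = "/";
        System.Web.HttpContext context = System.Web.HttpContext.Current;
        System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
        if (query == null)
        {
            return;
        }

        for (int i = 0; i < query.Count; i++)
        {
            // Keys[i] can be null for a value without a name ("?abc"); the indexer accepts null.
            string value = query[query.Keys[i]];
            if (!ProcessSqlStr(value))
            {
                context.Response.Redirect(sqlErrorPage);
                context.Response.End();
            }
        }
    }

    /// <summary>
    /// Decides whether a single submitted value is acceptable.
    /// </summary>
    /// <param name="Str">Raw user-submitted value; null or empty is treated as acceptable.</param>
    /// <returns>
    /// <c>true</c> when the value contains none of the blacklisted tokens (the request may
    /// proceed); <c>false</c> when a token was found.
    /// </returns>
    private bool ProcessSqlStr(string Str)
    {
        return !ContainsBlacklistedToken(Str);
    }

    /// <summary>
    /// Returns <c>true</c> when <paramref name="value"/> contains any blacklisted token.
    /// Matching uses <see cref="StringComparison.OrdinalIgnoreCase"/> so the result does not
    /// depend on the thread's current culture (culture-sensitive <c>ToLower()</c> and
    /// <c>IndexOf(string)</c> can miss ASCII keywords under some cultures, e.g. Turkish "I").
    /// </summary>
    /// <param name="value">Value to inspect; null or empty yields <c>false</c>.</param>
    /// <returns><c>true</c> if a blacklisted token occurs anywhere in the value.</returns>
    public static bool ContainsBlacklistedToken(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return false;
        }

        foreach (string token in s_blacklistedTokens)
        {
            if (value.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }

    #endregion
}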
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/yixin19861111/archive/2009/03/06/3962472.aspx