字符串处理
:
#region 过滤危险字符 public string safety(string sql) { sql = sql.Trim(); sql = sql.Replace("<", ""); sql = sql.Replace(">", ""); sql = sql.Replace(" ", ""); sql = sql.Replace("*", ""); sql = sql.Replace("'", ""); sql = sql.Replace("%", ""); //......... return sql; } #endregionpublic static string DelSQLStr(string str) { if(str == null || str == "") return ""; str = str.Replace(";",""); str = str.Replace("'",""); str= str.Replace("&",""); str= str.Replace("%20",""); str= str.Replace("--",""); str= str.Replace("==",""); str= str.Replace("<",""); str= str.Replace(">",""); str= str.Replace("%",""); return str; }using System; namespace Theme.Services.Public { ////// SqlstrAny 的摘要说明。 /// public class ProcessRequest { public ProcessRequest() { // // TODO: 在此处添加构造函数逻辑 // } #region SQL注入式攻击代码分析 /// /// 处理用户提交的请求 /// public void StartProcessRequest() { try { string getkeys = ""; string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString(); if (System.Web.HttpContext.Current.Request.QueryString != null) { for(int i=0;i /// 分析用户请求是否正常 /// /// 传入用户提交数据 /// 返回是否含有SQL注入式攻击代码 private bool ProcessSqlStr(string Str) { bool ReturnValue = true; try { if (Str != "") { string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare "; string[] anySqlStr = SqlStr.Split('|'); foreach (string ss in anySqlStr) { if (Str.IndexOf(ss)>=0) { ReturnValue = false; } } } } catch { ReturnValue = false; } return ReturnValue; } #endregion } } // System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString(); 这个为用户自定义错误页面提示地址, //在Web.Config文件时里面添加一个 CustomErrorPage 即可 // //