字符串处理
:
#region 过滤危险字符
public string safety(string sql)
{
sql = sql.Trim();
sql = sql.Replace("<", "");
sql = sql.Replace(">", "");
sql = sql.Replace(" ", "");
sql = sql.Replace("*", "");
sql = sql.Replace("'", "");
sql = sql.Replace("%", "");
//.........
return sql;
}
#endregion
public static string DelSQLStr(string str)
{
if(str == null || str == "")
return "";
str = str.Replace(";","");
str = str.Replace("'","");
str= str.Replace("&","");
str= str.Replace("%20","");
str= str.Replace("--","");
str= str.Replace("==","");
str= str.Replace("<","");
str= str.Replace(">","");
str= str.Replace("%","");
return str;
}
using System;
namespace Theme.Services.Public
{
///
/// SqlstrAny 的摘要说明。
///
public class ProcessRequest
{
public ProcessRequest()
{
//
// TODO: 在此处添加构造函数逻辑
//
}
#region SQL注入式攻击代码分析
///
/// 处理用户提交的请求
///
public void StartProcessRequest()
{
try
{
string getkeys = "";
string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString();
if (System.Web.HttpContext.Current.Request.QueryString != null)
{
for(int i=0;i
/// 分析用户请求是否正常
///
/// 传入用户提交数据
/// 返回是否含有SQL注入式攻击代码
private bool ProcessSqlStr(string Str)
{
bool ReturnValue = true;
try
{
if (Str != "")
{
string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
string[] anySqlStr = SqlStr.Split('|');
foreach (string ss in anySqlStr)
{
if (Str.IndexOf(ss)>=0)
{
ReturnValue = false;
}
}
}
}
catch
{
ReturnValue = false;
}
return ReturnValue;
}
#endregion
}
}
// System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString(); 这个为用户自定义错误页面提示地址,
//在Web.Config文件时里面添加一个 CustomErrorPage 即可
//
//