#region Reading Form and QueryString values
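/// <summary>
/// Reads a field from the POST form collection and validates it with IsSafeString before returning it.
/// </summary>
/// <param name="key">Name of the form field to read.</param>
/// <param name="isUrlDecode">
/// When true, the value is passed through Server.UrlDecode before it is validated.
/// ASP.NET has normally decoded form values once already, so this applies a second decode.
/// </param>
/// <returns>
/// The (optionally decoded) field value, or an empty string when the field is missing,
/// blank, or rejected by the validator without an exception.
/// </returns>
/// <remarks>
/// IsSafeString, as written in this file, throws when it finds a blocklisted token, so a
/// rejected value normally surfaces as an exception from this method.
/// The blocklist is a coarse input filter: values returned here still need parameterized
/// queries and context-aware output encoding at the point of use.
/// </remarks>
public static string Form(string key, bool isUrlDecode = false)
{
    // Read the collection once instead of once for the test and once for the value.
    string raw = HttpContext.Current.Request.Form[key];
    string result = "";
    if (!string.IsNullOrWhiteSpace(raw))
    {
        // Decode before validating, so the check sees the same text the caller will receive.
        result = isUrlDecode ? HttpContext.Current.Server.UrlDecode(raw) : raw;
    }

    // Fail closed. The original returned the value on both branches, so the validator's
    // result was ignored and safety depended entirely on IsSafeString throwing.
    if (!IsSafeString(result))
    {
        return "";
    }
    return result;
}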
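/// <summary>
/// Reads a parameter from the URL query string and validates it with IsSafeString before returning it.
/// </summary>
/// <param name="key">Name of the query-string parameter to read.</param>
/// <param name="isUrlDecode">
/// When true, the value is passed through Server.UrlDecode before it is validated.
/// ASP.NET has normally decoded query-string values once already, so this applies a second decode.
/// </param>
/// <returns>
/// The (optionally decoded) parameter value, or an empty string when the parameter is missing,
/// blank, or rejected by the validator without an exception.
/// </returns>
/// <remarks>
/// IsSafeString, as written in this file, throws when it finds a blocklisted token, so a
/// rejected value normally surfaces as an exception from this method.
/// The blocklist is a coarse input filter: values returned here still need parameterized
/// queries and context-aware output encoding at the point of use.
/// </remarks>
public static string QueryString(string key, bool isUrlDecode = false)
{
    // Read the collection once instead of once for the test and once for the value.
    string raw = HttpContext.Current.Request.QueryString[key];
    string result = "";
    if (!string.IsNullOrWhiteSpace(raw))
    {
        // Decode before validating, so the check sees the same text the caller will receive.
        result = isUrlDecode ? HttpContext.Current.Server.UrlDecode(raw) : raw;
    }

    // Fail closed. The original returned the value on both branches, so the validator's
    // result was ignored and safety depended entirely on IsSafeString throwing.
    if (!IsSafeString(result))
    {
        return "";
    }
    return result;
}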
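/// <summary>
/// Reads a value through the combined HttpRequest indexer and validates it with IsSafeString
/// before returning it.
/// </summary>
/// <param name="key">Name of the request value to read.</param>
/// <param name="isUrlDecode">
/// When true, the value is passed through Server.UrlDecode before it is validated.
/// </param>
/// <returns>
/// The (optionally decoded) value, or an empty string when the key is missing, blank,
/// or rejected by the validator without an exception.
/// </returns>
/// <remarks>
/// The HttpRequest indexer is not limited to GET and POST data: it searches QueryString, Form,
/// Cookies and ServerVariables in that order. Callers that must know where a value came from
/// should read the specific collection instead.
/// IsSafeString, as written in this file, throws when it finds a blocklisted token, so a
/// rejected value normally surfaces as an exception from this method.
/// The blocklist is a coarse input filter: values returned here still need parameterized
/// queries and context-aware output encoding at the point of use.
/// </remarks>
public static string Request(string key, bool isUrlDecode = false)
{
    // Read the indexer once instead of once for the test and once for the value.
    string raw = HttpContext.Current.Request[key];
    string result = "";
    if (!string.IsNullOrWhiteSpace(raw))
    {
        // Decode before validating, so the check sees the same text the caller will receive.
        result = isUrlDecode ? HttpContext.Current.Server.UrlDecode(raw) : raw;
    }

    // Fail closed. The original returned the value on both branches, so the validator's
    // result was ignored and safety depended entirely on IsSafeString throwing.
    if (!IsSafeString(result))
    {
        return "";
    }
    return result;
}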
#endregion
#region Dangerous-character check
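/// <summary>
/// Rejects input that contains any token from a fixed blocklist of SQL, HTML and script fragments.
/// </summary>
/// <param name="sInput">Text to inspect. Null or empty input is treated as safe.</param>
/// <returns>
/// true when no blocklisted token is present. The method never returns false:
/// a match raises an exception instead.
/// </returns>
/// <exception cref="Exception">Thrown when the input contains a blocklisted token.</exception>
/// <remarks>
/// Matching is a plain substring test, so ordinary text that happens to contain a short token
/// such as "or", "and" or "%" is rejected as well.
/// A blocklist is defence in depth only. It does not replace parameterized SQL or
/// context-aware output encoding where the value is used.
/// </remarks>
public static bool IsSafeString(string sInput)
{
    // The original dereferenced sInput unconditionally; null now counts as "nothing to reject".
    if (string.IsNullOrEmpty(sInput))
    {
        return true;
    }

    // '|' only separates the tokens; each one is matched as a literal substring, not as a regex.
    string pattern = @"*|onmouseover|alert|onmouseout|script|confirm|prompt|waitfor delay|style|<|>|%|&|and|or|exec|insert|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'";
    string[] tokens = pattern.Split('|');
    foreach (string token in tokens)
    {
        // The original lower-cased the input into a local it never used and then compared the
        // untouched string, so the all-lowercase tokens only matched lowercase input.
        // Compare case-insensitively, as that unused local intended.
        if (sInput.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            throw new Exception("请勿非法提交");
        }
    }
    return true;
}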
#endregion