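// Add the following code to Global.asax.
//
// NOTE(review): this filter is a keyword deny-list over the query string plus a
// Referer host check on form posts. A deny-list of SQL keywords is incomplete by
// nature and rejects legitimate input that merely contains a listed substring
// (for example "mid" or "count"). It does not inspect form fields, cookies or
// headers. Treat it as an extra layer only: the actual control against SQL
// injection is parameterized queries / stored procedures in the data-access code.

/// <summary>
/// Runs at the start of every request. Rejects the request when the query string
/// contains one of the blocked SQL tokens, or when a form post carries a Referer
/// whose host is not this server.
/// </summary>
/// <param name="sender">Event source supplied by the ASP.NET pipeline (unused).</param>
/// <param name="e">Event data supplied by the ASP.NET pipeline (unused).</param>
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    // SQL injection filter (query string only).
    // The patterns containing '+' appear to rely on the query string being matched
    // in its URL-encoded form, where a space arrives as '+' - confirm before editing.
    string rawQuery = Request.QueryString.ToString();
    if (ContainsBlockedSqlToken(rawQuery))
    {
        // The message is only a deterrent; nothing is recorded by this code.
        // Neither the matched token nor the query string is echoed back: reflecting
        // request data into the page and disclosing which rule fired are both
        // avoidable exposures.
        RejectRequest("警告!你的IP已经被记录!");
        return;
    }

    if (Request.Form.Count > 0)
    {
        string referer = Request.ServerVariables["HTTP_REFERER"];

        // A missing Referer is allowed, as in the original logic. The header is set
        // by the client, so this check is not CSRF protection; use anti-forgery
        // tokens for that.
        if (referer != null)
        {
            string serverName = Request.ServerVariables["SERVER_NAME"];
            if (!IsRefererFromHost(referer, serverName))
            {
                // Deterrent text only; nothing is recorded by this code.
                RejectRequest("你的IP已被记录!警告!");
                return;
            }
        }
    }
}

/// <summary>
/// Returns true when <paramref name="rawQuery"/> contains any token of the deny-list.
/// </summary>
/// <param name="rawQuery">The query string as returned by Request.QueryString.ToString().</param>
/// <returns>True if a blocked token occurs anywhere in the query string.</returns>
private static bool ContainsBlockedSqlToken(string rawQuery)
{
    if (string.IsNullOrEmpty(rawQuery))
    {
        return false;
    }

    const string blockedTokens = "exec |insert+ |select+ |delete |update |count |chr |mid |master+ |truncate |char |declare |drop+ |drop+table |creat+ |creat+table";

    // Split on the single '|' character; each token is trimmed below. Empty
    // entries are dropped because IndexOf("") is 0 and would block every request.
    string[] tokens = blockedTokens.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    foreach (string token in tokens)
    {
        string needle = token.Trim();
        if (needle.Length == 0)
        {
            continue;
        }

        // Ordinal, case-insensitive match: culture-sensitive ToLower() can map
        // letters differently depending on the server culture and miss a keyword.
        if (rawQuery.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}

/// <summary>
/// Returns true when the Referer is an absolute URL whose host equals the server name.
/// </summary>
/// <param name="referer">Value of the HTTP_REFERER server variable.</param>
/// <param name="serverName">Value of the SERVER_NAME server variable.</param>
/// <returns>False for a null, unparseable or foreign-host Referer.</returns>
private static bool IsRefererFromHost(string referer, string serverName)
{
    if (referer == null || serverName == null)
    {
        return false;
    }

    // Parse the URL instead of slicing at a fixed offset of 7 characters: the fixed
    // offset throws on short values, rejects every https:// Referer, and compares
    // only a prefix, so a longer host that merely starts with the server name passes.
    Uri refererUri;
    if (!Uri.TryCreate(referer.Trim(), UriKind.Absolute, out refererUri))
    {
        return false;
    }

    // Host names are case-insensitive; Uri.Host excludes scheme, port and path.
    return string.Equals(refererUri.Host, serverName.Trim(), StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Ends the current request with HTTP 403 and a fixed message.
/// </summary>
/// <param name="message">Constant text to send; never pass request-derived data.</param>
private void RejectRequest(string message)
{
    // A non-200 status makes blocked requests visible in server logs and to monitoring.
    Response.StatusCode = 403;
    Response.Write(message);
    Response.End();
}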
VS下SQL防注入