asp.net sql防止sql注入

字符串处理:
   #region 过滤危险字符
    public string safety(string sql)
    {
        sql = sql.Trim();
        sql = sql.Replace("<", "");
        sql = sql.Replace(">", "");
        sql = sql.Replace(" ", "");
        sql = sql.Replace("*", "");
        sql = sql.Replace("'", "");
        sql = sql.Replace("%", "");
        //.........
        return sql;
    }
    #endregion
public static string DelSQLStr(string str)
{
    if(str == null || str == "")
        return "";
    str = str.Replace(";","");
    str = str.Replace("'","");
    str= str.Replace("&","");
    str= str.Replace("%20","");
    str= str.Replace("--","");
    str= str.Replace("==","");
    str= str.Replace("<","");
    str= str.Replace(">","");
    str= str.Replace("%","");
    return str;
}
using System;

namespace Theme.Services.Public
{
 /// <summary></summary>
 /// SqlstrAny 的摘要说明。
 /// 
 public class ProcessRequest
 {
  public ProcessRequest()
  {
   //
   // TODO: 在此处添加构造函数逻辑
   //
  }

  #region SQL注入式攻击代码分析
  /// <summary></summary>
  /// 处理用户提交的请求
  /// 
  public void StartProcessRequest()
  {
   try
   {
    string getkeys = "";
    string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString();
    if (System.Web.HttpContext.Current.Request.QueryString != null)
    {
    
     for(int i=0;i
  /// 分析用户请求是否正常
  /// 
  /// 传入用户提交数据
  /// <returns></returns>返回是否含有SQL注入式攻击代码
  private bool ProcessSqlStr(string Str)
  {
   bool ReturnValue = true;
   try
   {
    if (Str != "")
    {
     string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
     string[] anySqlStr = SqlStr.Split('|');
     foreach (string ss in anySqlStr)
     {
      if (Str.IndexOf(ss)>=0)
      {
       ReturnValue = false;
      }
     }
    }
   }
   catch
   {
    ReturnValue = false;
   }
   return ReturnValue;
  }
  #endregion

 }
}

// System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString(); 这个为用户自定义错误页面提示地址,
//在Web.Config文件时里面添加一个 CustomErrorPage 即可
//<!-- 防止SQL数据库注入攻击的出错页面自定义地址 -->
//    <add value="../Error.HTML" key="CustomErrorPage"></add>
阅读更多
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭
关闭