/// <summary>
/// Returns <paramref name="str"/> with the blacklisted SQL tokens removed when the
/// form passes the parameterless <c>Check_Form()</c> check; otherwise redirects the
/// caller to the error page.
/// </summary>
/// <param name="str">The raw form value to scrub.</param>
/// <returns>
/// The scrubbed value, or <c>null</c> if the check failed and the redirect returned.
/// </returns>
/// <remarks>
/// The scrub performed by <see cref="Check_SQLINJECTION"/> is a keyword blacklist, not an
/// injection defense; any SQL built from the returned value still has to use parameters.
/// </remarks>
public string Check_Form(string str)
{
    // Validation state comes from the parameterless overload (defined elsewhere in this class).
    if (!Check_Form())
    {
        // If Response is System.Web's HttpResponse, Redirect(string) ends the response,
        // so the null return below is only reached when the redirect returns normally.
        Response.Redirect(PageBase.UrlBase + "/errorpage.aspx");
        return null;
    }

    return Check_SQLINJECTION(str);
}
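/// <summary>
/// Removes a fixed list of SQL keywords and metacharacters from <paramref name="InsertStr"/>.
/// </summary>
/// <param name="InsertStr">The raw input; may be <c>null</c> or empty.</param>
/// <returns>
/// The input with every listed token removed, or the input unchanged when it is
/// <c>null</c> or empty.
/// </returns>
/// <remarks>
/// This is a blacklist scrub, not an injection defense. Matching is ordinal and
/// case-sensitive (uppercase keywords are left alone), only the listed tokens are removed,
/// a single removal pass is made, and legitimate text that happens to contain a listed
/// substring (for example "and" inside a name) is damaged. Code that builds SQL from the
/// returned value must still use parameterized queries.
/// </remarks>
public string Check_SQLINJECTION(string InsertStr)
{
    if (string.IsNullOrEmpty(InsertStr))
    {
        return InsertStr;
    }

    // Originally built by splitting a '|'-delimited literal; the tokens are assumed to
    // contain no whitespace, so the Trim() the old IndexOf gate applied is unnecessary.
    string[] tokens =
    {
        "'", "and", "exec", "insert", "select", "delete", "update", "count",
        "*", "%", "chr", "mid", "master", "truncate", "char", "declare",
    };

    foreach (string token in tokens)
    {
        // string.Replace(string, string) is an ordinal, non-overlapping, single-pass
        // replacement and is a no-op when the token is absent, so no separate
        // (culture-sensitive) IndexOf check is needed before it.
        InsertStr = InsertStr.Replace(token, "");
    }

    return InsertStr;
}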