检测SQL注入式攻击代码

最新推荐文章于 2024-06-25 17:25:15 发布

pupstar

最新推荐文章于 2024-06-25 17:25:15 发布

阅读量743

点赞数

分类专栏：开源 WEB开发 C#.net 文章标签： sql string regex null object application

本文链接：https://blog.csdn.net/pupstar/article/details/4565655

版权

C#.net 同时被 3 个专栏收录

10 篇文章 0 订阅

订阅专栏

WEB开发

9 篇文章 0 订阅

订阅专栏

开源

8 篇文章 0 订阅

订阅专栏

两个类：

（页面数据校验类）PageValidate.cs 基本通用。

代码如下：

using System; using System.Text; using System.Web; using System.Web.UI.WebControls; using System.Text.RegularExpressions; namespace Common { /// <summary> /// 页面数据校验类 /// </summary> public class PageValidate { private static Regex RegNumber = new Regex("^[0-9]+$"); private static Regex RegNumberSign = new Regex("^[+-]?[0-9]+$"); private static Regex RegDecimal = new Regex("^[0-9]+[.]?[0-9]+$"); private static Regex RegDecimalSign = new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等价于^[+-]?/d+[.]?/d+$ private static Regex RegEmail = new Regex("^[//w-]+@[//w-]+//.(com|net|org|edu|mil|tv|biz|info)$");//w 英文字母或数字的字符串，和 [a-zA-Z0-9] 语法一样 private static Regex RegCHZN = new Regex("[/u4e00-/u9fa5]"); public PageValidate() { } #region 数字字符串检查 /// <summary> /// 检查Request查询字符串的键值，是否是数字，最大长度限制 /// </summary> /// <param name="req">Request</param> /// <param name="inputKey">Request的键值</param> /// <param name="maxLen">最大长度</param> /// <returns>返回Request查询字符串</returns> public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen) { string retVal = string.Empty; if(inputKey != null && inputKey != string.Empty) { retVal = req.QueryString[inputKey]; if(null == retVal) retVal = req.Form[inputKey]; if(null != retVal) { retVal = SqlText(retVal, maxLen); if(!IsNumber(retVal)) retVal = string.Empty; } } if(retVal == null) retVal = string.Empty; return retVal; } /// <summary> /// 是否数字字符串 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsNumber(string inputData) { Match m = RegNumber.Match(inputData); return m.Success; } /// <summary> /// 是否数字字符串可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsNumberSign(string inputData) { Match m = RegNumberSign.Match(inputData); return m.Success; } /// <summary> /// 是否是浮点数 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsDecimal(string inputData) { Match m = RegDecimal.Match(inputData); return m.Success; } /// <summary> /// 是否是浮点数可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsDecimalSign(string inputData) { Match m = RegDecimalSign.Match(inputData); return m.Success; } #endregion #region 中文检测 /// <summary> /// 检测是否有中文字符 /// </summary> /// <param name="inputData"></param> /// <returns></returns> public static bool IsHasCHZN(string inputData) { Match m = RegCHZN.Match(inputData); return m.Success; } #endregion #region 邮件地址 /// <summary> /// 是否是浮点数可带正负号 /// </summary> /// <param name="inputData">输入字符串</param> /// <returns></returns> public static bool IsEmail(string inputData) { Match m = RegEmail.Match(inputData); return m.Success; } #endregion #region 其他 /// <summary> /// 检查字符串最大长度，返回指定长度的串 /// </summary> /// <param name="sqlInput">输入字符串</param> /// <param name="maxLength">最大长度</param> /// <returns></returns> public static string SqlText(string sqlInput, int maxLength) { if(sqlInput != null && sqlInput != string.Empty) { sqlInput = sqlInput.Trim(); if(sqlInput.Length > maxLength)//按最大长度截取字符串 sqlInput = sqlInput.Substring(0, maxLength); } return sqlInput; } /// <summary> /// 字符串编码 /// </summary> /// <param name="inputData"></param> /// <returns></returns> public static string HtmlEncode(string inputData) { return HttpUtility.HtmlEncode(inputData); } /// <summary> /// 设置Label显示Encode的字符串 /// </summary> /// <param name="lbl"></param> /// <param name="txtInput"></param> public static void SetLabel(Label lbl, string txtInput) { lbl.Text = HtmlEncode(txtInput); } public static void SetLabel(Label lbl, object inputObj) { SetLabel(lbl, inputObj.ToString()); } //字符串清理 public static string InputText(string inputString, int maxLength) { StringBuilder retVal = new StringBuilder(); // 检查是否为空 if ((inputString != null) && (inputString != String.Empty)) { inputString = inputString.Trim(); //检查长度 if (inputString.Length > maxLength) inputString = inputString.Substring(0, maxLength); //替换危险字符 for (int i = 0; i < inputString.Length; i++) { switch (inputString[i]) { case '"': retVal.Append("""); break; case '<': retVal.Append("<"); break; case '>': retVal.Append(">"); break; default: retVal.Append(inputString[i]); break; } } retVal.Replace("'", " ");// 替换单引号 } return retVal.ToString(); } /// <summary> /// 转换成 HTML code /// </summary> /// <param name="str">string</param> /// <returns>string</returns> public static string Encode(string str) { str = str.Replace("&","&"); str = str.Replace("'","''"); str = str.Replace("/"","""); str = str.Replace(" "," "); str = str.Replace("<","<"); str = str.Replace(">",">"); str = str.Replace("/n","<br>"); return str; } /// <summary> ///解析html成普通文本 /// </summary> /// <param name="str">string</param> /// <returns>string</returns> public static string Decode(string str) { str = str.Replace("<br>","/n"); str = str.Replace(">",">"); str = str.Replace("<","<"); str = str.Replace(" "," "); str = str.Replace(""","/""); return str; } #endregion } }

<mce:script language="C#" runat="server"></mce:script>

pupstar

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
检测SQL注入式攻击代码

两个类：（页面数据校验类）PageValidate.cs 基本通用。代码如下：using System;using System.Text;using System.Web;using System.Web.UI.WebControls;using System.Text.RegularExpressions;namespace Common{ ///
复制链接

扫一扫

专栏目录