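/// <summary>
/// Keyword filter: reports whether <paramref name="Str"/> is free of the blocked
/// SQL keywords and quote characters listed in the method body.
/// </summary>
/// <remarks>
/// This is a substring blacklist. It rejects harmless text that merely contains a
/// listed word or an apostrophe, and it is not a substitute for parameterized
/// queries: any value that later reaches a SQL statement should be bound as a
/// parameter regardless of what this method returns.
/// </remarks>
/// <param name="Str">Text to inspect, for example the content of an input control.</param>
/// <returns>
/// <c>true</c> when the text is empty or whitespace, when it contains "updatepanel",
/// or when none of the blocked tokens occurs in it; <c>false</c> when the text is
/// <c>null</c> or contains a blocked token.
/// </returns>
private bool ProcessSqlStr(string Str)
{
    // The original relied on a catch-all to turn the NullReferenceException from a
    // null argument into "false"; the same result is returned explicitly here.
    if (Str == null)
    {
        return false;
    }

    if (Str.Trim().Length == 0)
    {
        return true;
    }

    // Lower-case once, with the invariant culture. The culture-sensitive ToLower()
    // maps 'I' to a dotless 'ı' under Turkish cultures, so "INSERT" would no longer
    // match "insert" there.
    string lowered = Str.ToLowerInvariant();

    // NOTE(review): text containing "updatepanel" skips every check below, exactly as
    // in the original. The marker can appear anywhere in the text, so the exemption
    // covers any input that includes it. Scope it to the specific fields that need
    // it, or remove it, once the callers are known.
    if (lowered.Contains("updatepanel"))
    {
        return true;
    }

    // The listing's last token was garbled as /" (which does not compile); it is read
    // here as an escaped double quote. TODO confirm against the author's intent.
    string[] blockedTokens =
    {
        "exec", "insert", "select", "delete", "master",
        "update", "truncate", "declare", "'", "\""
    };

    foreach (string token in blockedTokens)
    {
        // Contains(string) is an ordinal comparison, unlike IndexOf(string), which
        // follows the current culture's comparison rules.
        if (lowered.Contains(token))
        {
            return false;
        }
    }

    return true;
}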
/// <summary>
/// Click handler for Button2: runs the text of the <c>source</c> control through
/// <c>ProcessSqlStr</c> and reports a rejection on the page.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    // Accepted input: this handler does nothing further with it.
    // NOTE(review): passing the filter does not make the text safe to concatenate
    // into SQL; whatever consumes it should bind it as a query parameter.
    if (ProcessSqlStr(this.source.Text))
    {
        return;
    }

    // Rejected input: set the message in TextBox1 and write the marker to the response.
    this.TextBox1.Text = "没有字符";
    Response.Write("dd");
}
asp.net防sql注入语句