第一步:在Web.config中配置
<appSettings>
<add key="safeParameters" value="OrderID-int32,CustomerEmail-email,ShippingZipcode-USzip" />
</appSettings>
第二步:在Global.asaxz中添加
protected void Application_BeginRequest(Object sender, EventArgs e)
{
try
{
String[] safeParameters = System.Configuration.ConfigurationSettings.AppSettings["safeParameters"].ToString().Split(',');
for (int i = 0; i < safeParameters.Length; i++)
{
String parameterName = safeParameters[i].Split('-')[0];
String parameterType = safeParameters[i].Split('-')[1];
isValidParameter(parameterName, parameterType);
}
string getkeys = "";
string sqlErrorPage = "~/ErrorPage/index.html";
if (System.Web.HttpContext.Current.Request.QueryString != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
if (!ProcessSqlStr(System.