Global.asax.cs防注入问题 如果对参数没做处理,可以用下面的放在Global中防注入 protected void Application_BeginRequest(Object sender, EventArgs e) { //SQL防注入 string Sql_1 = "exec ¦insert+ ¦select+ ¦delete ¦update ¦count ¦chr ¦mid ¦master+ ¦truncate ¦char ¦declare ¦drop+ ¦drop+table ¦creat+ ¦creat+table"; string Sql_2 = "exec+ ¦insert+ ¦delete+ ¦update+ ¦count( ¦count+ ¦chr+ ¦+mid( ¦+mid+ ¦+master+ ¦truncate+ ¦char+ ¦+char( ¦declare+ ¦drop+ ¦creat+ ¦drop+table ¦creat+table"; string[] sql_c = Sql_1.Split('¦'); string[] sql_c1 = Sql_2.Split('¦'); if (Request.QueryString != null) { foreach (string sl in sql_c) { if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0) { Response.Write("警告!你的IP已经被记录!");// Response.Write(sl); Response.Write(Request.QueryString.ToString()); Response.End(); break; } } } if (Request.Form.Count > 0) { string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称 if (Request.ServerVariables["HTTP_REFERER"] != null) { string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称 string s3 = ""; if (s1.Length > (s2.Length - 7)) { s3 = s2.Substring(7); } else { s3 = s2.Substring(7, s1.Length); } if (s3 != s1) { Response.Write("你的IP已被记录!警告!");// Response.End(); } } } }