asp.net global 防止注入

using System;
using System.Collections;
using System.ComponentModel;
using System.Web;
using System.Web.SessionState;

namespace WebCheminfo
{
    /// <summary>
    /// Global 的摘要说明。
    /// </summary>

    public class Global : System.Web.HttpApplication
    {
        /// <summary>
        /// 必需的设计器变量。
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        public Global()
        {
            InitializeComponent();
        }

        protected void Application_Start(Object sender, EventArgs e)
        {
        }

        protected void Session_Start(Object sender, EventArgs e)
        {

        }

        /// <summary>
        /// 防止SQL注入
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        void Application_BeginRequest(Object sender, EventArgs e)
        {

            StartProcessRequest();

        }

        #region SQL注入式攻击代码分析
        /// <summary>
        /// 处理用户提交的请求
        /// </summary>
        private void StartProcessRequest()
        {

            string getkeys = "";
            string sqlErrorPage = "~/";//转向的错误提示页面
            if (System.Web.HttpContext.Current.Request.QueryString != null)
            {

                for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
                {
                    getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                    if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
                    {
                        Response.Redirect("~/");
                    }
                }
            }
            if (System.Web.HttpContext.Current.Request.Form != null)
            {
                for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
                {
                    getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
                    if (getkeys == "__VIEWSTATE") continue;
                    if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
                    {
                        Response.Redirect("~/");
                    }
                }
            }

        }

        /// <summary>
        /// 分析用户请求是否正常
        /// </summary>
        /// <param name="Str">传入用户提交数据 </param>
        /// <returns>返回是否含有SQL注入式攻击代码 </returns>
        private bool ProcessSqlStr(string Str)
        {
            bool ReturnValue = true;
            Str = Str.Replace(" ","").Replace("%20","");
            try
            {
                if (Str.Trim() != "")
                {
                    string SqlStr = " exec.update.declare.exe.varchar.truncate.create";

                    string[] anySqlStr = SqlStr.Split('.');
                    foreach (string ss in anySqlStr)
                    {
                        if (Str.ToLower().IndexOf(ss) != -1)
                        {
                            ReturnValue = false;
                            break;
                        }
                    }
                }
            }
            catch
            {
                return false;
            }
            return ReturnValue;
        }
        #endregion

        protected void Application_EndRequest(Object sender, EventArgs e)
        {

        }

        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {

        }

        protected void Application_Error(Object sender, EventArgs e)
        {

        }

        protected void Session_End(Object sender, EventArgs e)
        {

        }

        protected void Application_End(Object sender, EventArgs e)
        {

        }

        #region Web 窗体设计器生成的代码
        /// <summary>
        /// 设计器支持所需的方法 - 不要使用代码编辑器修改
        /// 此方法的内容。
        /// </summary>
        private void InitializeComponent()
        {
            this.components = new System.ComponentModel.Container();
        }
        #endregion
    }
}

 

转载于:https://www.cnblogs.com/liulf/archive/2010/01/18/1650576.html