asp.net 防止sql注入 global 文件控制

最新推荐文章于 2017-10-12 09:55:43 发布

weixin_30802273

最新推荐文章于 2017-10-12 09:55:43 发布

阅读量102

点赞数

原文链接：http://www.cnblogs.com/liulf/archive/2011/07/09/2101981.html

版权

using System;
using System.Collections;
using System.ComponentModel;
using System.Web;
using System.Web.SessionState;
using log4net;

namespace WebCheminfo 
{
	/// <summary>
	/// Global 的摘要说明。
	/// </summary>

	public class Global : System.Web.HttpApplication
	{
		/// <summary>
		/// 必需的设计器变量。
		/// </summary>
		private System.ComponentModel.IContainer components = null;
      
		public Global()
		{
			InitializeComponent();
		}	
		
		protected void Application_Start(Object sender, EventArgs e)
		{
		}
 
		protected void Session_Start(Object sender, EventArgs e)
		{

		}

		/// <summary>
		/// 防止SQL注入
		/// </summary>
		/// <param name="sender"></param>
		/// <param name="e"></param>
		void Application_BeginRequest(Object sender, EventArgs e)
		{
        
			StartProcessRequest();

		}

		#region SQL注入式攻击代码分析
		/// <summary> 
		/// 处理用户提交的请求 
		/// </summary> 
		private void StartProcessRequest()
		{
			 
				string getkeys = "";
				string sqlErrorPage = "~/";//转向的错误提示页面 
				if (System.Web.HttpContext.Current.Request.QueryString != null)
				{

					for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
					{
						getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
						if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
						{
							System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
							System.Web.HttpContext.Current.Response.End();
						}
					}
				}
//				if (System.Web.HttpContext.Current.Request.Form != null)
//				{
//					for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
//					{
//						getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
//						if (getkeys == "__VIEWSTATE") continue;
//						if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
//						{
//							System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
//							System.Web.HttpContext.Current.Response.End();
//						}
//					}
//				}
			 
		}

		/// <summary> 
		/// 分析用户请求是否正常 
		/// </summary> 
		/// <param name="Str">传入用户提交数据 </param> 
		/// <returns>返回是否含有SQL注入式攻击代码 </returns> 
		private bool ProcessSqlStr(string Str)
		{
			bool ReturnValue = true;
			try
			{
				if (Str.Trim() != "")
				{
					string SqlStr = " exec.update.declare.exe.varchar.truncate.create";

					string[] anySqlStr = SqlStr.Split('.');
					foreach (string ss in anySqlStr)
					{
						if (Str.ToLower().IndexOf(ss) !=-1)
						{
							ReturnValue = false;
							break;
						}
					}
				}
			}
			catch
			{
				ReturnValue = false;
			}
			return ReturnValue;
		}
		#endregion

		protected void Application_EndRequest(Object sender, EventArgs e)
		{

		}

		protected void Application_AuthenticateRequest(Object sender, EventArgs e)
		{

		}

		protected void Application_Error(Object sender, EventArgs e)
		{

		}

		protected void Session_End(Object sender, EventArgs e)
		{

		}

		protected void Application_End(Object sender, EventArgs e)
		{

		}
			
		#region Web 窗体设计器生成的代码
		/// <summary>
		/// 设计器支持所需的方法 - 不要使用代码编辑器修改
		/// 此方法的内容。
		/// </summary>
		private void InitializeComponent()
		{    
			this.components = new System.ComponentModel.Container();
		}
		#endregion
	}
}

转载于:https://www.cnblogs.com/liulf/archive/2011/07/09/2101981.html

weixin_30802273

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
asp.net 防止sql注入 global 文件控制

using System;using System.Collections;using System.ComponentModel;using System.Web;using System.Web.SessionState;using log4net;namespace WebCheminfo { /// <summary> /// Glo...
复制链接

扫一扫