mysql恶意代码_mysql数据库恶意代码注入的清理

using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

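/// <summary>
/// Code-behind for a maintenance page that removes an injected string from every row of one
/// column of one table: the column is read, cleaned in memory with String.Replace, and the
/// changed rows are written back one at a time.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    // Database, table and column names cannot be passed as SQL parameters, so they are only
    // accepted when they are plain identifiers (letters, digits, underscore; no leading digit).
    // Schema-qualified names such as dbo.Table are deliberately not accepted.
    private static readonly Regex IdentifierPattern =
        new Regex(@"^[A-Za-z_][A-Za-z0-9_]*$", RegexOptions.Compiled);

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Values copied from the form on Button1_Click; shared with execTheRe/BuildConnectionString.
    private string dataName = "";   // database name
    private string tableName = "";  // table name
    private string datafield = "";  // column name
    private string S_str = "";      // string to remove
    private string ReS_str = "";    // replacement string
    private string LogName = "";    // database login
    private string LogPsw = "";     // database password

    /// <summary>
    /// Reads the form fields, validates the identifiers, cleans the selected column and
    /// writes every changed row back through <see cref="execTheRe"/>.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        dataName = txtDb.Text.Trim();
        tableName = txtTb.Text.Trim();
        datafield = txtField.Text.Trim();
        S_str = txtTheStr.Text.Trim();
        ReS_str = txtStr.Text.Trim();
        LogName = txtLogName.Text.Trim();
        LogPsw = txtLogPsw.Text.Trim();

        // The names below are concatenated into SQL text; reject anything that is not a plain
        // identifier before a connection is opened.
        if (!IsSafeIdentifier(dataName) || !IsSafeIdentifier(tableName) || !IsSafeIdentifier(datafield))
        {
            return;
        }

        // String.Replace throws on an empty search string, and there is nothing to clean anyway.
        if (S_str.Length == 0)
        {
            return;
        }

        // Rows are cleaned in memory first and written back afterwards, so the reader is
        // closed before any update runs.
        DataTable cleaned = new DataTable();
        cleaned.Columns.Add("Id");
        cleaned.Columns.Add("Content");

        try
        {
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandText = "select ID, [" + datafield + "] from [" + tableName + "]";
                con.Open();
                using (SqlDataReader dr = com.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        string id = dr[0].ToString();
                        string original = dr[1].ToString();
                        string content = original.Replace(S_str, ReS_str);
                        // Only rows that actually contain the string need to be rewritten;
                        // this also keeps NULL cells from being overwritten with "".
                        if (content != original)
                        {
                            cleaned.Rows.Add(new object[] { id, content });
                        }
                    }
                }
            }

            // Index the row by i and then the cell by column. The earlier version read
            // Rows[0].ToString()/Rows[1].ToString(), i.e. the type name of the first two
            // DataRow objects, for every iteration.
            for (int i = 0; i < cleaned.Rows.Count; i++)
            {
                DataRow row = cleaned.Rows[i];
                execTheRe(row[0].ToString(), row[1].ToString());
            }

            Response.Write("");
        }
        catch (Exception ex)
        {
            // Record the failure instead of swallowing it silently; the page output is unchanged.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("");
        }
    }

    /// <summary>
    /// Writes one cleaned value back to the row with the given ID. Table and column names
    /// were validated in Button1_Click; the row id and the content are passed as parameters.
    /// Failures are logged and do not abort the remaining rows.
    /// </summary>
    /// <param name="id">Value of the row's ID column, as read by the select.</param>
    /// <param name="content">Cleaned column value to store.</param>
    private void execTheRe(string id, string content)
    {
        try
        {
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandText = "update [" + tableName + "] set [" + datafield + "]=@content where ID=@id";
                com.Parameters.Add("@content", SqlDbType.Text).Value = content;
                com.Parameters.AddWithValue("@id", id);
                con.Open();
                com.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("");
        }
    }

    /// <summary>
    /// Builds the connection string with SqlConnectionStringBuilder so that the login and
    /// password typed into the form are quoted instead of concatenated (a ';' in either
    /// field would otherwise add further connection options).
    /// </summary>
    private string BuildConnectionString()
    {
        SqlConnectionStringBuilder csb = new SqlConnectionStringBuilder();
        csb.DataSource = "localhost";
        csb.InitialCatalog = dataName;
        csb.UserID = LogName;
        csb.Password = LogPsw;
        return csb.ConnectionString;
    }

    /// <summary>
    /// True when <paramref name="name"/> is a non-empty plain SQL identifier that can be
    /// placed inside [brackets] without escaping.
    /// </summary>
    private static bool IsSafeIdentifier(string name)
    {
        return !string.IsNullOrEmpty(name) && IdentifierPattern.IsMatch(name);
    }
}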
