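/// <summary>
/// Request-parameter blacklist used as a coarse screen for SQL-injection-looking input:
/// scans the query string and form values of an <see cref="HttpRequest"/> for a fixed list
/// of SQL keywords and punctuation.
/// </summary>
/// <remarks>
/// A keyword blacklist is a defence-in-depth screen only. The keywords are matched as
/// substrings (so values such as "order", "format" or any time containing ':' are rejected
/// too) and a fixed list cannot enumerate every way a query can be broken. Data access
/// still has to use parameterized queries; this class must not be the only protection.
/// </remarks>
public class AntiSqlInject
{
    // Keywords and punctuation rejected by CheckBadWord. Matched case-insensitively and
    // culture-invariantly: with culture-sensitive IgnoreCase under e.g. the Turkish culture,
    // an upper-case "I" does not fold to "i", so "INSERT" would not match "insert".
    private static readonly Regex s_keywordPattern = new Regex(
        @"select|insert|delete|from|count\(|drop|table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec|master|netlocalgroup administrators|:|net user|""|or|and|join",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled);

    // Punctuation rejected by CheckBadWord. The original wrote this character class as an
    // alternation, which also put '|' into the set; '|' is kept here so the set of accepted
    // input does not change.
    private static readonly Regex s_punctuationPattern = new Regex(
        @"[-|;,()\[\]{}%@*!']",
        RegexOptions.Compiled);

    // Tokens stripped by FilterBadWord, one regular expression each, built once. This list
    // differs from the CheckBadWord list (no "and"; "/" is present) and is kept as it was so
    // existing callers see the same output for non-nested input.
    private static readonly Regex[] s_filterPatterns = BuildFilterPatterns();

    // The request whose query string and form values are inspected. May be null when only
    // CheckBadWord or FilterBadWord is used; the request-reading methods require it.
    public HttpRequest Request;

    /// <summary>Creates a checker bound to <paramref name="requestPage"/>.</summary>
    /// <param name="requestPage">The request to inspect; may be null if only the string helpers are used.</param>
    public AntiSqlInject(HttpRequest requestPage)
    {
        Request = requestPage;
    }

    /// <summary>Returns true if any query-string value trips <see cref="CheckBadWord"/>.</summary>
    public bool CheckBadQuery()
    {
        return ContainsBadValue(Request.QueryString);
    }

    /// <summary>Returns true if any form value trips <see cref="CheckBadWord"/>.</summary>
    public bool CheckBadForm()
    {
        return ContainsBadValue(Request.Form);
    }

    // Shared loop for CheckBadQuery / CheckBadForm: trims each value and runs the blacklist.
    private bool ContainsBadValue(System.Collections.Specialized.NameValueCollection values)
    {
        if (values == null)
        {
            return false;
        }
        for (int i = 0; i < values.Count; i++)
        {
            // Get(i) is null for an entry without values; nothing to inspect in that case.
            string value = values.Get(i);
            if (value != null && CheckBadWord(value.Trim()))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Returns true if <paramref name="str"/> contains any blacklisted keyword (matched as a
    /// case-insensitive substring) or any blacklisted punctuation character.
    /// </summary>
    /// <param name="str">Value to inspect; null is treated as clean.</param>
    public bool CheckBadWord(string str)
    {
        if (str == null)
        {
            return false;
        }
        return s_keywordPattern.IsMatch(str) || s_punctuationPattern.IsMatch(str);
    }

    /// <summary>
    /// Removes every blacklisted token from <paramref name="str"/> and returns the result.
    /// </summary>
    /// <param name="str">Value to filter; null or empty is returned unchanged.</param>
    /// <returns>The input with all blacklisted tokens removed, repeatedly, until none remain.</returns>
    public static string FilterBadWord(string str)
    {
        if (string.IsNullOrEmpty(str))
        {
            return str;
        }

        string result = str;
        string previous;
        // A single removal pass can leave a token behind when tokens are nested (removing
        // "select" from "selselectect" yields "select"), so passes are repeated until the
        // string stops changing. Every changing pass shortens the string, so this terminates.
        do
        {
            previous = result;
            for (int i = 0; i < s_filterPatterns.Length; i++)
            {
                result = s_filterPatterns[i].Replace(result, string.Empty);
            }
        } while (result != previous);
        return result;
    }

    // Splits the filter token list on '|' and compiles one regex per token. The tokens are
    // written as regex fragments ("count\(", "\'"), so each piece is used verbatim as a pattern.
    private static Regex[] BuildFilterPatterns()
    {
        string pattern = @"select|insert|delete|from|count\(|drop|table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec|master|netlocalgroup administrators|:|net user|""|or|join|-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\'";
        string[] tokens = pattern.Split('|');
        Regex[] result = new Regex[tokens.Length];
        for (int i = 0; i < tokens.Length; i++)
        {
            result[i] = new Regex(tokens[i], RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled);
        }
        return result;
    }

    /// <summary>
    /// Anti-SQL-injection gate: if any query-string or form value trips <see cref="CheckBadWord"/>,
    /// writes a short HTML notice (client address, time, page) and ends the response.
    /// </summary>
    /// <remarks>
    /// Response.End aborts the current request thread in classic ASP.NET (ThreadAbortException),
    /// so the caller's code after this method does not run when the check fails.
    /// </remarks>
    public void AntiSqlInjectionAttack()
    {
        if (!CheckBadQuery() && !CheckBadForm())
        {
            return;
        }

        // Request-derived values are HTML-encoded before being echoed so that the notice
        // itself cannot become a reflected-XSS sink.
        string clientAddress = System.Web.HttpUtility.HtmlEncode(Request.UserHostAddress ?? string.Empty);
        string page = System.Web.HttpUtility.HtmlEncode((Request.ServerVariables["URL"] ?? string.Empty).ToLowerInvariant());
        // The original format string was "yyyy-MM--dd" (doubled dash); invariant culture keeps
        // the digits and separators stable regardless of the server's regional settings.
        string time = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);

        // "onclick" is spelled with a Latin 'o' here; the original literal contained the
        // look-alike Greek omicron (U+03BF), so the back link never fired.
        string msg =
            "<span style='font-size:12px;'>非法操作!系统做了如下记录!<br>" +
            "操作IP:" + clientAddress + "<br>" +
            "操作时间:" + time + "<br>" +
            "页面:" + page + "<br>" +
            "<a href=\"#\" onclick=\"history.back()\">返回上一页</a></span>";
        HttpContext.Current.Response.Write(msg);
        HttpContext.Current.Response.End();
    }
}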
转载于:https://www.cnblogs.com/littleboywei/archive/2012/07/20/2600779.html