asp.net下检测SQL注入式攻击代码

最新推荐文章于 2024-10-06 20:14:06 发布

zhaili1978

最新推荐文章于 2024-10-06 20:14:06 发布

阅读量744

点赞数

分类专栏： asp.net中的有些封装（方法）文章标签： asp.net sql string regex null html

本文链接：https://blog.csdn.net/zhaili1978/article/details/6331724

版权

asp.net中的有些封装（方法）专栏收录该内容

102 篇文章 1 订阅

订阅专栏

两个类：
（页面数据校验类）PageValidate.cs 基本通用。
代码如下：

using System;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
namespace Common
{
///
/// 页面数据校验类
///
public class PageValidate
{
private static Regex RegNumber = new Regex("^[0-9]+$");
private static Regex RegNumberSign = new Regex("^[+-]?[0-9]+$");
private static Regex RegDecimal = new Regex("^[0-9]+[.]?[0-9]+$");
private static Regex RegDecimalSign = new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等价于^[+-]?/d+[.]?/d+$
private static Regex RegEmail = new Regex("^[//w-]+@[//w-]+//.(com|net|org|edu|mil|tv|biz|info)$");//w 英文字母或数字的字符串，和 [a-zA-Z0-9] 语法一样
private static Regex RegCHZN = new Regex("[/u4e00-/u9fa5]");
public PageValidate()
{
}

#region 数字字符串检查
///
/// 检查Request查询字符串的键值，是否是数字，最大长度限制
///
/// Request
/// Request的键值
/// 最大长度
/// 返回Request查询字符串
public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen)
{
string retVal = string.Empty;
if(inputKey != null && inputKey != string.Empty)
{
retVal = req.QueryString[inputKey];
if(null == retVal)
retVal = req.Form[inputKey];
if(null != retVal)
{
retVal = SqlText(retVal, maxLen);
if(!IsNumber(retVal))
retVal = string.Empty;
}
}
if(retVal == null)
retVal = string.Empty;
return retVal;
}
///
/// 是否数字字符串
///
/// 输入字符串
///
public static bool IsNumber(string inputData)
{
Match m = RegNumber.Match(inputData);
return m.Success;
}
///
/// 是否数字字符串可带正负号
///
/// 输入字符串
///
public static bool IsNumberSign(string inputData)
{
Match m = RegNumberSign.Match(inputData);
return m.Success;
}
///
/// 是否是浮点数
///
/// 输入字符串
///
public static bool IsDecimal(string inputData)
{
Match m = RegDecimal.Match(inputData);
return m.Success;
}
///
/// 是否是浮点数可带正负号
///
/// 输入字符串
///
public static bool IsDecimalSign(string inputData)
{
Match m = RegDecimalSign.Match(inputData);
return m.Success;
}
#endregion
#region 中文检测
///
/// 检测是否有中文字符
///
///
///
public static bool IsHasCHZN(string inputData)
{
Match m = RegCHZN.Match(inputData);
return m.Success;
}
#endregion
#region 邮件地址
///
/// 是否是浮点数可带正负号
///
/// 输入字符串
///
public static bool IsEmail(string inputData)
{
Match m = RegEmail.Match(inputData);
return m.Success;
}
#endregion
#region 其他
///
/// 检查字符串最大长度，返回指定长度的串
///
/// 输入字符串
/// 最大长度
///
public static string SqlText(string sqlInput, int maxLength)
{
if(sqlInput != null && sqlInput != string.Empty)
{
sqlInput = sqlInput.Trim();
if(sqlInput.Length > maxLength)//按最大长度截取字符串
sqlInput = sqlInput.Substring(0, maxLength);
}
return sqlInput;
}
///
/// 字符串编码
///
///
///
public static string HtmlEncode(string inputData)
{
return HttpUtility.HtmlEncode(inputData);
}
///
/// 设置Label显示Encode的字符串
///
///
///
public static void SetLabel(Label lbl, string txtInput)
{
lbl.Text = HtmlEncode(txtInput);
}
public static void SetLabel(Label lbl, object inputObj)
{
SetLabel(lbl, inputObj.ToString());
}
//字符串清理
public static string InputText(string inputString, int maxLength)
{
StringBuilder retVal = new StringBuilder();
// 检查是否为空
if ((inputString != null) && (inputString != String.Empty))
{
inputString = inputString.Trim();
//检查长度
if (inputString.Length > maxLength)
inputString = inputString.Substring(0, maxLength);
//替换危险字符
for (int i = 0; i < inputString.Length; i++)
{
switch (inputString[i])
{
case '"':
retVal.Append(""");
break;
case '<':
retVal.Append("<");
break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append(inputString[i]);
break;
}
}
retVal.Replace("'", " ");// 替换单引号
}
return retVal.ToString();
}
///
/// 转换成 HTML code
///
/// string
/// string
public static string Encode(string str)
{
str = str.Replace("&","&");
str = str.Replace("'","''");
str = str.Replace("/"",""");
str = str.Replace(" "," ");
str = str.Replace("<","<");
str = str.Replace(">",">");
str = str.Replace("/n","
");
return str;
}
///
///解析html成普通文本
///
/// string
/// string
public static string Decode(string str)
{
str = str.Replace("
","/n");
str = str.Replace(">",">");
str = str.Replace("<","<");
str = str.Replace(" "," ");
str = str.Replace(""","/"");
return str;
}
#endregion
}
}

通用文件（Global.asax），保存为Global.asax文件名放到网站根木马下即可。（其他功能自行补上）