.net中SQL防注入代码

 .net中SQL防注入代码 收藏
在网站里新建Global.asax,添加
void Application_BeginRequest(object source, EventArgs e)
    {
        COMP.ProcessRequest pr = new COMP.ProcessRequest();
        pr.StartProcessRequest();
    } 

comp里面有文件ProcessRequest.cs代码如下 view plaincopy to clipboardprint?
public class ProcessRequest  
    {  
        SQL注入式攻击代码分析#region SQL注入式攻击代码分析  
        /// <summary>  
        /// 处理用户提交的请求  
        /// </summary>  
        public void StartProcessRequest()  
        {  
            try 
            {  
                string getkeys = "";  
                string sqlErrorPage = "/";  
                if (System.Web.HttpContext.Current.Request.QueryString != null)  
                {  
 
                    for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)  
                    {  
                        getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];  
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys].ToLower()))  
                        {  
                            System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);  
                            System.Web.HttpContext.Current.Response.End();  
                        }  
                    }  
                }  
 
                //if (System.Web.HttpContext.Current.Request.Form != null)  
                //{  
                //    for(int i=0;i<System.Web.HttpContext.Current.Request.Form.Count;i++)  
                //    {  
                //        getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];  
                //        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys].ToLower()))  
                //        {  
                //            System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage);  
                //            System.Web.HttpContext.Current.Response.End();  
                //        }  
                //    }  
                //}  
 
            }  
            catch 
            {  
                // 错误处理: 处理用户提交信息!  
            }  
        }  
        /// <summary>  
        /// 分析用户请求是否正常  
        /// </summary>  
        /// <param name="Str">传入用户提交数据</param>  
        /// <returns>返回是否含有SQL注入式攻击代码</returns>  
        private bool ProcessSqlStr(string Str)  
        {  
            bool ReturnValue = true;  
            try 
            {  
                if (Str != "" && Str != null)  
                {  
                    string SqlStr = "";  
                    if (SqlStr == "" || SqlStr == null)  
                    {  
                        SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare";  
                    }  
                    string[] anySqlStr = SqlStr.Split('|');  
                    foreach (string ss in anySqlStr)  
                    {  
                        if (Str.IndexOf(ss) >= 0)  
                        {  
                            ReturnValue = false;  
                        }  
                    }  
                }  
            }  
            catch 
            {  
                ReturnValue = false;  
            }  
            return ReturnValue;  
        } 
        #endregion  
    } 
public class ProcessRequest
    {
        SQL注入式攻击代码分析#region SQL注入式攻击代码分析
        /// <summary>
        /// 处理用户提交的请求
        /// </summary>
        public void StartProcessRequest()
        {
            try
            {
                string getkeys = "";
                string sqlErrorPage = "/";
                if (System.Web.HttpContext.Current.Request.QueryString != null)
                {

                    for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
                    {
                        getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys].ToLower()))
                        {
                            System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
                            System.Web.HttpContext.Current.Response.End();
                        }
                    }
                }

                //if (System.Web.HttpContext.Current.Request.Form != null)
                //{
                //    for(int i=0;i<System.Web.HttpContext.Current.Request.Form.Count;i++)
                //    {
                //        getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
                //        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys].ToLower()))
                //        {
                //            System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage);
                //            System.Web.HttpContext.Current.Response.End();
                //        }
                //    }
                //}

            }
            catch
            {
                // 错误处理: 处理用户提交信息!
            }
        }
        /// <summary>
        /// 分析用户请求是否正常
        /// </summary>
        /// <param name="Str">传入用户提交数据</param>
        /// <returns>返回是否含有SQL注入式攻击代码</returns>
        private bool ProcessSqlStr(string Str)
        {
            bool ReturnValue = true;
            try
            {
                if (Str != "" && Str != null)
                {
                    string SqlStr = "";
                    if (SqlStr == "" || SqlStr == null)
                    {
                        SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare";
                    }
                    string[] anySqlStr = SqlStr.Split('|');
                    foreach (string ss in anySqlStr)
                    {
                        if (Str.IndexOf(ss) >= 0)
                        {
                            ReturnValue = false;
                        }
                    }
                }
            }
            catch
            {
                ReturnValue = false;
            }
            return ReturnValue;
        }
        #endregion
    }

 

本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/yixin19861111/archive/2009/03/06/3962472.aspx

你可能感兴趣的:(.net)