
求一个或若干个 SQL 防注入函数
RT

------解决方案--------------------
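/// <summary>
/// Blacklist check on a single form field. Returns false when <paramref name="str"/> is
/// null or empty, or contains any of the tokens listed in the body (matched
/// case-insensitively); returns true otherwise.
/// What this does and does not give you: it only proves that none of the listed
/// characters and words appear in the text. It does not make a string-built SQL
/// statement safe on its own; any statement these values reach still needs
/// parameterized queries, and this filter is at most a secondary check.
/// Because the word tokens "and" and "or" are matched anywhere inside the text,
/// ordinary values such as "Jordan" or "password" are rejected as well.
/// </summary>
/// <param name="str">Raw field value; may be null.</param>
/// <returns>true when no blacklisted token is present; false for null/empty input or on any hit.</returns>
public static bool checkstring(string str) // dangerous-token filter
{
    // Original behaviour: both null and "" are rejected.
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }

    // The original lowered the string, deleted every token and then compared the
    // length with the untouched copy; the length changes iff at least one token is
    // present, so a direct search for each token is equivalent. OrdinalIgnoreCase
    // replaces ToLower(), whose result depends on the current thread culture.
    string[] tokens =
    {
        "'", "-", "<", ">", "and", "or", "=", "%", "*", "?", "#", "~", "&", "^",
    };
    foreach (string token in tokens)
    {
        if (str.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return false;
        }
    }
    return true;
}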
然后在输入框那里直接调用该函数即可
// Caller side: all three form fields must pass the blacklist check before the body runs.
// NOTE(review): a pass only means none of the listed tokens appears in the text; if these
// values are later concatenated into SQL, that statement still needs parameters — confirm
// against the data-access code.
// Because "and"/"or" are on the list, values such as "Jordan" or "password" fail here too.
if (ConBLL.checkstring(A_usernmae.Text) && ConBLL.checkstring(A_password1.Text)&&ConBLL.checkstring(A_password2.Text))// reject input containing injection / garbled characters
{

hskfhsadfsffsfsafsadfsdafsadfsdf // placeholder left by the author for the real handling code
}
------解决方案--------------------
#region 安全检测

/// <summary>
/// SQL防注入(URL参数方式)
/// select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists
/// </summary>
public static void chkSql(string str, int Tips_mode, string ErrUrl)
{
string str_t = string.Empty;
if (Tips_mode.ToString() == "")
{
Tips_mode = 1; //处理方式:1=提示信息,2=转向页面,3=先提示再转向
}
if (ErrUrl == "")
{
ErrUrl = "Default.Aspx"; //出错时转向的页面
}
if (str == "")
{
str = System.Web.HttpContext.Current.Request.ServerVariables["QUERY_STRING"];
}
str_t = str.ToLower();
if (str_t.IndexOf("'") >= 0 
|| str_t.IndexOf(" or ") >= 0 
|| str_t.IndexOf(" and ") >= 0 
|| str_t.IndexOf("exec") >= 0 
|| str_t.IndexOf("select") >= 0 
|| str_t.IndexOf("update") >= 0 
|| str_t.IndexOf("chr") >= 0 
|| str_t.IndexOf("delete") >= 0 
|| str_t.IndexOf(";") >= 0 
|| str_t.IndexOf("insert") >= 0 
|| str_t.IndexOf("count") >= 0 
|| str_t.IndexOf("drop") >= 0 
|| str_t.IndexOf("and") >= 0 
|| str_t.IndexOf("truncate") >= 0 
|| str_t.IndexOf("shell") >= 0 
|| str_t.IndexOf("declare") >= 0
|| str_t.IndexOf("@") >= 0
|| str_t.IndexOf("declare") >= 0
|| str_t.IndexOf("dbcc") >= 0
|| str_t.IndexOf("alter") >= 0