  • 发布一个.NET下防止SQL注入的类[转&未测试]

    /*
    csc.exe /t:library SqlstrAny.cs /r:C:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
     */
    using System;
    using System.Collections.Specialized;
    using System.Globalization;
    using System.Web;
    namespace Theme.Script
    {
     public class SqlstrAny : IHttpModule
     {
      public void Init(HttpApplication application)
      {
       application.BeginRequest += (new
        EventHandler(this.Application_BeginRequest));
      }
      private void Application_BeginRequest(Object source, EventArgs e)
      {
       //HttpApplication Application = (HttpApplication)source;
       //HttpResponse Response=Application.Context.Response;
       //Response.Write("<h1>Beginning of Request</h1><hr>");
       ProcessRequest pr = new ProcessRequest();
       pr.StartProcessRequest();
      }     
      public void Dispose()
      {
      }
     }

     public class ProcessRequest
     {
      #region SQL注入式攻击代码分析
      /// <summary>
      /// 处理用户提交的请求
      /// </summary>
      public void StartProcessRequest()
      {
       try
       {
        string getkeys = "";
        string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString();
        if (System.Web.HttpContext.Current.Request.QueryString != null)
        {
        
         for(int i=0;i<System.Web.HttpContext.Current.Request.QueryString.Count;i++)
         {
          getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
          if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
          {
           System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage+"?errmsg=sqlserver&sqlprocess=true");
           System.Web.HttpContext.Current.Response.End();
          }
         }
        }
        if (System.Web.HttpContext.Current.Request.Form != null)
        {
         for(int i=0;i<System.Web.HttpContext.Current.Request.Form.Count;i++)
         {
          getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
          if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
          {
           System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage+"?errmsg=sqlserver&sqlprocess=true");
           System.Web.HttpContext.Current.Response.End();
          }
         }
        }
       }
       catch
       {
        // 错误处理: 处理用户提交信息!
       }
      }
      /// <summary>
      /// 分析用户请求是否正常
      /// </summary>
      /// <param name="Str">传入用户提交数据</param>
      /// <returns>返回是否含有SQL注入式攻击代码</returns>
      private bool ProcessSqlStr(string Str)
      {
       bool ReturnValue = true;
       try
       {
        if (Str != "")
        {
         string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
         string[] anySqlStr = SqlStr.Split('|');
         foreach (string ss in anySqlStr)
         {
          if (Str.IndexOf(ss)>=0)
          {
           ReturnValue = false;
          }
         }
        }
       }
       catch
       {
        ReturnValue = false;
       }
       return ReturnValue;
      }
      #endregion
     }

    }

  • 原文地址:https://www.cnblogs.com/Apollo/p/440590.html