  • 发布一个.NET下防止SQL注入的类[转&未测试]

    /*
    csc.exe /t:library SqlstrAny.cs /r:C:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
     */
    using System;
    using System.Web;
    namespace Theme.Script
    {
     public class SqlstrAny : IHttpModule
     {
      public void Init(HttpApplication application)
      {
       application.BeginRequest += (new
        EventHandler(this.Application_BeginRequest));
      }
      private void Application_BeginRequest(Object source, EventArgs e)
      {
       //HttpApplication Application = (HttpApplication)source;
       //HttpResponse Response=Application.Context.Response;
       //Response.Write("<h1>Beginning of Request</h1><hr>");
       ProcessRequest pr = new ProcessRequest();
       pr.StartProcessRequest();
      }     
      public void Dispose()
      {
      }
     }

     public class ProcessRequest
     {
      #region SQL注入式攻击代码分析
      /// <summary>
      /// 处理用户提交的请求
      /// </summary>
      public void StartProcessRequest()
      {
       try
       {
        string getkeys = "";
        string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString();
        if (System.Web.HttpContext.Current.Request.QueryString != null)
        {
        
         for(int i=0;i<System.Web.HttpContext.Current.Request.QueryString.Count;i++)
         {
          getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
          if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
          {
           System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage+"?errmsg=sqlserver&sqlprocess=true");
           System.Web.HttpContext.Current.Response.End();
          }
         }
        }
        if (System.Web.HttpContext.Current.Request.Form != null)
        {
         for(int i=0;i<System.Web.HttpContext.Current.Request.Form.Count;i++)
         {
          getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
          if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
          {
           System.Web.HttpContext.Current.Response.Redirect (sqlErrorPage+"?errmsg=sqlserver&sqlprocess=true");
           System.Web.HttpContext.Current.Response.End();
          }
         }
        }
       }
       catch
       {
        // 错误处理: 处理用户提交信息!
       }
      }
      /// <summary>
      /// 分析用户请求是否正常
      /// </summary>
      /// <param name="Str">传入用户提交数据</param>
      /// <returns>返回是否含有SQL注入式攻击代码</returns>
      private bool ProcessSqlStr(string Str)
      {
       bool ReturnValue = true;
       try
       {
        if (Str != "")
        {
         string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
         string[] anySqlStr = SqlStr.Split('|');
         foreach (string ss in anySqlStr)
         {
          if (Str.IndexOf(ss)>=0)
          {
           ReturnValue = false;
          }
         }
        }
       }
       catch
       {
        ReturnValue = false;
       }
       return ReturnValue;
      }
      #endregion
     }

    }

  • 原文地址:https://www.cnblogs.com/Apollo/p/440590.html