zoukankan      html  css  js  c++  java

  • SQL数据库注入防范 ASP.NET Globle警告

    在项目中的Global.asax页面代码中加下面的代码,就可以有效的防范简单的SQL注入。

    protected void Application_BeginRequest(Object sender, EventArgs e)
  {
         string Sql_1 = "exec |insert+ |select+ |delete |update |count |chr |mid |master+|truncate |char |declare |drop+ |drop+table |creat+ |creat+table |'+ |>=+|<+|>+|==+|-|'|;";
   string Sql_2 = "exec+ |insert+ |delete+ |update+ |count( |count+ |chr+ |+mid( |+mid+ |+master+ |truncate+ |char+ |+char( |declare+ |drop+ |creat+ |drop+table |creat+table";
   string[] sql_c = Sql_1.Split('|');
   string[] sql_c1 = Sql_2.Split('|');
   if (Request.QueryString != null)
   {
    foreach (string sl in sql_c)
    {
     if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0)
     {
      Response.Write("警告!你的IP已经被记录!");//
      Response.Write(sl);
      Response.Write(Request.QueryString.ToString());
      Response.End();
      break;
     }
    }
   }
   if (Request.Form.Count > 0)
   {
    string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
    if (Request.ServerVariables["HTTP_REFERER"] != null)
    {
     string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
     string s3 = "";
     if (s1.Length > (s2.Length - 7))
     {
      s3 = s2.Substring(7);
     }
     else
     {
      s3 = s2.Substring(7, s1.Length);
     }
     if (s3 != s1)
     {
      Response.Write("你的IP已被记录!警告!");//
      Response.End();
     }
    }
   }
  }
  • 相关阅读:
    递归获取指定盘符下的所有文件及文件夹
    单例模式和多线程有没有关系?
    eclipse启动tomcat时设置端口
    dozer转化对象
    枚举
    dubbo
    json
    配网失败问题
    esp_err_t esp_event_loop_init(system_event_cb_t cb, void *ctx);
    base64编码
  • 原文地址:https://www.cnblogs.com/Chaser-Eagle/p/3684897.html
Copyright © 2011-2022 走看看