  • SQL数据库注入防范 ASP.NET Global警告

    在项目中的Global.asax页面代码中加入下面的代码,就可以有效地防范简单的SQL注入。注意:这种关键字黑名单只能作为辅助手段,既可能误拦正常请求,也无法覆盖所有写法;根本的防护仍然是在数据访问层使用参数化查询。

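    /// <summary>
    /// Coarse request screen that runs at the start of every request. It rejects a request
    /// whose query string contains one of the blacklisted SQL-looking tokens, and rejects a
    /// form post whose Referer header names a host other than this server.
    /// </summary>
    /// <remarks>
    /// This is defence in depth only. The token list is a substring blacklist: it rejects
    /// legitimate input (any query string containing '-' or ';' is refused) and it is not a
    /// substitute for parameterized queries in the data-access code. POSTed form values are
    /// not scanned by this method; for form posts only the Referer host is checked.
    /// </remarks>
    /// <param name="sender">Event source supplied by ASP.NET; not used.</param>
    /// <param name="e">Event data supplied by ASP.NET; not used.</param>
    protected void Application_BeginRequest(Object sender, EventArgs e)
    {
        // '|' separates the tokens; each one is trimmed before matching.
        // NOTE(review): the '+' inside several tokens presumably stands for an encoded space,
        // since the match runs on QueryString.ToString() — confirm against the target framework.
        // NOTE(review): "creat+" looks like a typo for "create+" — confirm before relying on it.
        string Sql_1 = "exec |insert+ |select+ |delete |update |count |chr |mid |master+|truncate |char |declare |drop+ |drop+table |creat+ |creat+table |'+ |>=+|<+|>+|==+|-|'|;";
        string[] blockedTokens = Sql_1.Split('|');

        // Serialize the query string once instead of once per token.
        string query = Request.QueryString.ToString();
        if (query.Length > 0)
        {
            foreach (string rawToken in blockedTokens)
            {
                string token = rawToken.Trim();
                if (token.Length == 0)
                {
                    // An empty token would match every query string (IndexOf("") is 0).
                    continue;
                }

                // Ordinal, case-insensitive match: a culture-sensitive ToLower() can map
                // characters differently depending on the server's current culture.
                if (query.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // Write only the fixed warning: echoing the matched token or the query
                    // string would reflect request data into the response and reveal which
                    // rule fired.
                    // NOTE(review): the message says the IP was recorded, but nothing in this
                    // method logs it — add logging or confirm it happens elsewhere.
                    Response.Write("警告!你的IP已经被记录!");
                    Response.End();
                    return;
                }
            }
        }

        if (Request.Form.Count > 0)
        {
            string serverName = (Request.ServerVariables["SERVER_NAME"] ?? string.Empty).Trim();
            string referer = Request.ServerVariables["HTTP_REFERER"];

            // A post without a Referer header is let through, so this check is not a
            // cross-site request forgery defence on its own; anti-forgery tokens are.
            if (referer != null)
            {
                // Parse the header instead of slicing off a fixed "http://" prefix: a short or
                // malformed value no longer throws, https referers are handled, and the whole
                // host is compared rather than only its leading characters.
                Uri refererUri;
                bool sameHost = Uri.TryCreate(referer.Trim(), UriKind.Absolute, out refererUri)
                    && string.Equals(refererUri.Host, serverName, StringComparison.OrdinalIgnoreCase);

                if (!sameHost)
                {
                    Response.Write("你的IP已被记录!警告!");
                    Response.End();
                }
            }
        }
    }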
  • 原文地址:https://www.cnblogs.com/Chaser-Eagle/p/3684897.html