在 web.config 的 appSettings 中添加 SqlFilter 节点（关键字以 | 分隔）
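/// <summary>
/// Heuristic SQL-injection keyword screen: reports whether <paramref name="InText"/>
/// contains any keyword listed in the <c>SqlFilter</c> appSettings entry.
/// The list is re-read from configuration on every call and is '|'-separated.
/// </summary>
/// <param name="InText">The user-supplied text to screen; <c>null</c> is treated as clean.</param>
/// <returns>
/// <c>true</c> if the text contains at least one configured keyword (ordinal,
/// case-insensitive match); <c>false</c> when the text is <c>null</c>, the setting is
/// missing or empty, or no keyword is found.
/// </returns>
/// <remarks>
/// Keyword blacklisting is a defense-in-depth measure only; the queries that consume the
/// screened text still have to be parameterized.
/// </remarks>
public bool SqlFilter(string InText)
{
    string word = System.Configuration.ConfigurationManager.AppSettings["SqlFilter"];
    if (string.IsNullOrEmpty(word) || InText == null)
    {
        return false;
    }

    // RemoveEmptyEntries matters: a stray "|" in the setting would otherwise produce an
    // empty keyword, and IndexOf("") is 0 for any input, which flags every request as unsafe.
    string[] keywords = word.Split(new[] { '|' }, System.StringSplitOptions.RemoveEmptyEntries);

    foreach (string keyword in keywords)
    {
        // OrdinalIgnoreCase replaces the ToLower()+IndexOf pair: it is culture-independent
        // and also matches keywords configured in upper case, which a lower-cased-input-only
        // comparison misses. A plain substring test already covers the "keyword " and
        // " keyword" variants, so no separate checks are needed for them.
        if (InText.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}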
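/// <summary>
/// Heuristic SQL-injection keyword screen: reports whether <paramref name="InText"/>
/// contains any keyword listed in the <c>SqlFilter</c> appSettings entry.
/// The list is re-read from configuration on every call and is '|'-separated.
/// </summary>
/// <param name="InText">The user-supplied text to screen; <c>null</c> is treated as clean.</param>
/// <returns>
/// <c>true</c> if the text contains at least one configured keyword (ordinal,
/// case-insensitive match); <c>false</c> when the text is <c>null</c>, the setting is
/// missing or empty, or no keyword is found.
/// </returns>
/// <remarks>
/// Keyword blacklisting is a defense-in-depth measure only; the queries that consume the
/// screened text still have to be parameterized.
/// </remarks>
public bool SqlFilter(string InText)
{
    string word = System.Configuration.ConfigurationManager.AppSettings["SqlFilter"];
    if (string.IsNullOrEmpty(word) || InText == null)
    {
        return false;
    }

    // RemoveEmptyEntries matters: a stray "|" in the setting would otherwise produce an
    // empty keyword, and IndexOf("") is 0 for any input, which flags every request as unsafe.
    string[] keywords = word.Split(new[] { '|' }, System.StringSplitOptions.RemoveEmptyEntries);

    foreach (string keyword in keywords)
    {
        // OrdinalIgnoreCase replaces the ToLower()+IndexOf pair: it is culture-independent
        // and also matches keywords configured in upper case, which a lower-cased-input-only
        // comparison misses. A plain substring test already covers the "keyword " and
        // " keyword" variants, so no separate checks are needed for them.
        if (InText.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}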
调用:
#region 防止sql注入
// Screen every user-controlled value with the configured keyword filter and abandon the
// request on the first hit. The || chain short-circuits, so later controls are not read
// once an earlier value has been flagged.
// NOTE(review): this keyword screen is heuristic; the query that consumes these values
// should be parameterized regardless.
bool hasSuspiciousInput =
    t.SqlFilter(tbAddEtime.Text)
    || t.SqlFilter(tbAddStime.Text)
    || t.SqlFilter(tbBlackValue.Text)
    || t.SqlFilter(tbChangeEtime.Text)
    || t.SqlFilter(tbChangeStime.Text)
    || t.SqlFilter(ddlStatus.SelectedValue.ToString())
    || t.SqlFilter(ddltype.SelectedValue.ToString());
if (hasSuspiciousInput)
{
    return;
}
#endregion
#region 防止sql注入
// Screen every user-controlled value with the configured keyword filter and abandon the
// request on the first hit. The || chain short-circuits, so later controls are not read
// once an earlier value has been flagged.
// NOTE(review): this keyword screen is heuristic; the query that consumes these values
// should be parameterized regardless.
bool hasSuspiciousInput =
    t.SqlFilter(tbAddEtime.Text)
    || t.SqlFilter(tbAddStime.Text)
    || t.SqlFilter(tbBlackValue.Text)
    || t.SqlFilter(tbChangeEtime.Text)
    || t.SqlFilter(tbChangeStime.Text)
    || t.SqlFilter(ddlStatus.SelectedValue.ToString())
    || t.SqlFilter(ddltype.SelectedValue.ToString());
if (hasSuspiciousInput)
{
    return;
}
#endregion