In the following three steps, we believe that the program will be safer and the maintenance of the entire website will become simpler.
I. Data Verification:
ParameterCheck. cs
Copy codeThe Code is as follows:
Public class parameterCheck {
Public static bool isEmail (string emailString ){
Return System. text. regularExpressions. regex. isMatch (emailString, "['\ w _-] + (\\. ['\ w _-] +) * @ [' \ w _-] + (\\. ['\ w _-] + )*\\. [a-zA-Z] {2, 4 }");
}
Public static bool isInt (string intString ){
Return System. text. regularExpressions. regex. isMatch (intString, "^ (\ d {5}-\ d {4}) | (\ d {5}) $ ");
}
Public static bool isUSZip (string zipString ){
Return System. Text. RegularExpressions. Regex. IsMatch (zipString, "^-[0-9] + $ | ^ [0-9] + $ ");
}
}
Ii. Web. config
In your Web. config file, add a tag under <etettings> as follows:
Copy codeThe Code is as follows:
<Deleetask>
<Add key = "safeParameters" value = "OrderID-int32, mermeremail-email, ShippingZipcode-USzip"/>
</AppSettings>
Key is the value after <saveParameters> is "OrderId-int32", where "-" indicates the name of the parameter, such as OrderId, and int32 indicates the data type.
Iii. Global. asax
Add the following section to Global. asax:
Copy codeThe Code is as follows:
Protected void Application_BeginRequest (Object sender, EventArgs e ){
String [] safeParameters = System. Configuration. ConfigurationSettings. deleettings ["safeParameters"]. ToString (). Split (',');
For (int I = 0; I <safeParameters. Length; I ++ ){
String parameterName = safeParameters [I]. Split ('-') [0];
String parameterType = safeParameters [I]. Split ('-') [1];
IsValidParameter (parameterName, parameterType );
}
}
Public void isValidParameter (string parameterName, string parameterType ){
String parameterValue = Request. QueryString [parameterName];
If (parameterValue = null) return;
If (parameterType. Equals ("int32 ")){
If (! ParameterCheck. isInt (parameterValue) Response. Redirect ("parameterError. aspx ");
}
Else if (parameterType. Equals ("double ")){
If (! ParameterCheck. isDouble (parameterValue) Response. Redirect ("parameterError. aspx ");
}
Else if (parameterType. Equals ("USzip ")){
If (! ParameterCheck. isUSZip (parameterValue) Response. Redirect ("parameterError. aspx ");
}
Else if (parameterType. Equals ("email ")){
If (! ParameterCheck. isEmail (parameterValue) Response. Redirect ("parameterError. aspx ");
}
}
In the future, we only need to modify the above three files. The maintenance of the entire system will greatly improve the efficiency, of course, you can add other variable parameters and data types as needed.