1. Verification method
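/// <summary>
/// Keyword-blacklist heuristic for SQL keywords in request parameters.
/// Reports a match when any listed keyword appears followed or preceded by a
/// space, compared case-insensitively.
/// </summary>
/// <remarks>
/// This is a coarse detection aid, not a defence: it has many false positives
/// on ordinary text (for example "items for sale" matches because "for " contains
/// "or "), and a keyword list cannot make string-built SQL safe. Data access must
/// still use parameterized queries; this check at most serves as an extra signal.
/// </remarks>
/// <param name="intext">String to be filtered; <c>null</c> is treated as clean.</param>
/// <returns><c>true</c> if the parameter contains a blacklisted keyword.</returns>
public static bool Sqlfilter2(string intext)
{
    const string words = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join";
    if (intext == null)
    {
        return false;
    }
    // Ordinal, case-insensitive matching instead of ToLower(): culture-sensitive
    // lowering (e.g. under a Turkish culture, where 'I' does not lower to 'i')
    // can fail to match an upper-case keyword, which would let it slip past the
    // check. It also avoids re-lowering the input on every loop iteration.
    foreach (string word in words.Split('|'))
    {
        if (intext.IndexOf(word + " ", StringComparison.OrdinalIgnoreCase) > -1
            || intext.IndexOf(" " + word, StringComparison.OrdinalIgnoreCase) > -1)
        {
            return true;
        }
    }
    return false;
}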
2. Global.asax event
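/// <summary>
/// Runs at the start of every request and screens the submitted POST and GET
/// parameters for blacklisted SQL keywords via <see cref="Goerr"/>.
/// </summary>
/// <remarks>
/// Each parameter value is checked individually; the first match redirects the
/// request to the error page and the remaining parameters are not examined.
/// Only the ViewState hidden field is skipped, as in the original; other
/// ASP.NET hidden fields are screened like any other parameter.
/// </remarks>
/// <param name="sender">The application raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // POST parameters, except the ViewState hidden field.
    foreach (string key in this.Request.Form)
    {
        if (key == "__VIEWSTATE")
        {
            continue;
        }
        // Form[key] is already a string; passing it straight through lets
        // Goerr/Sqlfilter2 handle a null value instead of failing on ToString().
        this.Goerr(this.Request.Form[key]);
    }
    // GET parameters.
    foreach (string key in this.Request.QueryString)
    {
        this.Goerr(this.Request.QueryString[key]);
    }
}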
3. A helper method in Global.asax
/// <summary>
/// Redirects the current request to the error page when the parameter value
/// trips the SQL keyword blacklist.
/// </summary>
/// <remarks>
/// Response.Redirect ends the response, so the caller's loop over the remaining
/// parameters does not continue once a value matches. A match is a heuristic
/// signal only; the data layer still has to use parameterized queries.
/// </remarks>
/// <param name="TM">Parameter value to check.</param>
private void Goerr(string TM)
{
    bool suspicious = Wlcw.Extend.cvalidity.Sqlfilter2(TM);
    if (!suspicious)
    {
        return;
    }
    this.Response.Redirect("/Error.html");
}
This article is reproduced from Taipa studio: http://www.dezai.cn/article_show.asp?ArticleID=18624