I recently took over someone else's project and found that it has a SQL injection vulnerability. Because I do not want to change too much code, I am not using the parameterized-query approach to prevent injection, and can only fall back on the traditional, rather clumsy approach.
1. Create a new Global.asax file.
2. Add the following code:
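/// <summary>
/// Runs at the start of every request and rejects the request when any
/// query-string value contains one of the keywords listed in <c>strs</c>.
/// </summary>
/// <remarks>
/// This is a coarse keyword filter placed in front of the application. It does
/// not remove the underlying SQL injection flaw: a blacklist is incomplete by
/// nature and also rejects legitimate input. Treat it as a stopgap and move the
/// affected queries to parameterized commands.
/// </remarks>
/// <param name="sender">The application instance raising the event.</param>
/// <param name="e">Unused event data.</param>
void Application_BeginRequest(object sender, EventArgs e)
{
    // A query string can accompany any HTTP method, so it is checked on every
    // request instead of only on non-POST requests.
    bool result = Validurlgetdata();

    // NOTE(review): form (POST body) values are still not inspected, exactly as
    // in the original listing. Data submitted through forms reaches the
    // application unfiltered, so this filter gives no coverage for it.

    if (result)
    {
        Response.Write("The data you submitted has malicious characters! ");
        Response.End();
    }
}

/// <summary>
/// Checks every value in the current request's query string against the keyword list.
/// </summary>
/// <returns><c>true</c> when at least one value contains a listed keyword; otherwise <c>false</c>.</returns>
public static bool Validurlgetdata()
{
    for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
    {
        // Stop at the first hit; one flagged value is enough to reject the request.
        if (Validate(HttpContext.Current.Request.QueryString[i]))
        {
            return true;
        }
    }

    return false;
}

// Keywords that cause a request to be rejected. The entries are kept as listed
// on the page, including the spaces around the last one. More can be added, but
// short words such as "and" / "or" also occur inside ordinary text, so every
// addition raises the false-positive rate.
public static string[] strs = new string[] { "Select", "Drop", "exists", "exec", "Insert", "delete", "Update", "and", "or", " User " };

/// <summary>
/// Reports whether <paramref name="str"/> contains any keyword from <c>strs</c>.
/// </summary>
/// <param name="str">The value to inspect; <c>null</c> or empty is treated as clean.</param>
/// <returns><c>true</c> when a keyword is found; otherwise <c>false</c>.</returns>
public static bool Validate(string str)
{
    // A parameter without a value yields null; there is nothing to scan.
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }

    for (int i = 0; i < strs.Length; i++)
    {
        // SQL keywords are case-insensitive, so the comparison must be too;
        // a case-sensitive IndexOf only matches the exact casing in the list.
        if (str.IndexOf(strs[i], StringComparison.OrdinalIgnoreCase) != -1)
        {
            return true;
        }
    }

    return false;
}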