ASP.NET (C#) "strongest" SQL anti-injection code — a keyword blacklist applied to request input. Reviewer caveat: a blacklist filter is bypassable and is not a substitute for parameterized queries (SqlParameter); treat the code below as defense-in-depth at best.
// Usage: obtain an open connection from the helper. oconn() runs the
// request-input blacklist (JK1986_CheckSql) itself before opening.
// The check can also be invoked directly as SqlCheck.JK1986_CheckSql().
var conn = new SqlCheck().oconn();
// NOTE(review): conn and ocmd are IDisposable; the caller must dispose them
// after the command has been used (not shown in this excerpt).
string osql = "select count (*) from admin ";
var ocmd = new SqlCommand(osql, conn);
Using System;
Using System. Data;
Using System. Configuration;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using System. Web. UI. WebControls. WebParts;
Using System. Web. UI. HtmlControls;
Using System. Data. SqlClient;
/// <summary>
/// SqlCheck opens the database connection named "StudyConnectionString" in the
/// application configuration and, before opening it, runs a keyword blacklist
/// (JK1986_CheckSql) over the incoming request's form fields.
/// Caveat: a keyword blacklist is bypassable and does not replace parameterized
/// queries; any SQL run through this class should still bind user input via
/// SqlParameter rather than string concatenation.
/// </summary>
// #region / #endregion only let the Visual Studio editor fold and expand the
// enclosed code; they have no effect on compilation or behavior.
Public class SqlCheck
{
/// <summary>
/// Creates a new <see cref="SqlCheck"/>. The class holds no state: every
/// connection is created on demand by <see cref="oconn"/>.
/// </summary>
public SqlCheck()
{
}
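/// <summary>
/// Opens and returns a <see cref="SqlConnection"/> built from the
/// "StudyConnectionString" entry of the application configuration.
/// </summary>
/// <returns>An open connection. The caller owns it and must dispose it.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when "StudyConnectionString" is not present in the configuration
/// (the original code would have failed with a NullReferenceException).
/// </exception>
/// <remarks>
/// As in the original, <see cref="JK1986_CheckSql"/> — the request-input
/// keyword blacklist — runs before the connection is opened. A keyword
/// blacklist is not a reliable SQL injection defense; queries issued on the
/// returned connection should bind user input with SqlParameter values.
/// </remarks>
public SqlConnection oconn()
{
    ConnectionStringSettings settings =
        ConfigurationManager.ConnectionStrings["StudyConnectionString"];
    if (settings == null)
    {
        throw new InvalidOperationException(
            "Connection string 'StudyConnectionString' is not configured.");
    }

    SqlConnection conn = new SqlConnection(settings.ConnectionString);
    try
    {
        // Preserved from the original: the blacklist runs on every open,
        // before any SQL is sent on this connection.
        JK1986_CheckSql();

        // A freshly constructed connection is always Closed; the check is kept
        // only to match the original behavior.
        if (conn.State == ConnectionState.Closed)
        {
            conn.Open();
        }
        return conn;
    }
    catch
    {
        // Do not leak the connection if the check or Open() throws.
        conn.Dispose();
        throw;
    }
}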
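/// <summary>
/// Executes <paramref name="getds"/> against the configured database and
/// returns the first result set as a <see cref="DataTable"/>.
/// </summary>
/// <param name="getds">The SELECT statement to run. It is executed verbatim,
/// so it must never be built by concatenating request data; use the
/// parameterized overload for any value that originates from the client.</param>
/// <returns>The filled table, named "news".</returns>
public DataTable getsource(string getds)
{
    return getsource(getds, null);
}

/// <summary>
/// Parameterized form of <see cref="getsource(string)"/>: runs
/// <paramref name="getds"/> with the given <see cref="SqlParameter"/> values
/// bound to the command. This is the supported way to include user input.
/// </summary>
/// <param name="getds">The SELECT statement, using @name placeholders.</param>
/// <param name="parameters">Values for the placeholders; may be null or empty.</param>
/// <returns>The filled table, named "news".</returns>
public DataTable getsource(string getds, params SqlParameter[] parameters)
{
    const string tableName = "news";

    // oconn() returns an open connection that the caller owns. The original
    // never closed it, leaking one pooled connection per call.
    using (SqlConnection conn = oconn())
    using (SqlDataAdapter da = new SqlDataAdapter(getds, conn))
    {
        if (parameters != null)
        {
            da.SelectCommand.Parameters.AddRange(parameters);
        }

        DataSet ds = new DataSet();
        // The name given to Fill must match the one used for the lookup; the
        // listing as shown passed "news " (trailing space) to Fill and then
        // read Tables["news"], which yields null. One constant removes the
        // mismatch either way.
        da.Fill(ds, tableName);
        return ds.Tables[tableName];
    }
}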
Public static void JK1986_CheckSql ()
{
String jk1986_ SQL = "exec statements select statements drop statements alter statements exists except union statements and statements or both xor two order statements mid sequence asc statements execute statements before xp_statement shell statements insert statements update statements delete statements join statements declare invalid char should sp_oacreate should wscript. shell response xp_regwrite comment 'response; response --";
String [] jk_ SQL = jk1986_ SQL .Split ('hangzhou ');
Foreach (string jk in jk_ SQL)
{
// ----------------------- Anti-Post injection -----------------------
If (System. Web. HttpContext. Current. Request. Form! = Null)
{
For (int k = 0; k <System. Web. HttpContext. Current. Request. Form. Count; k ++)
{
String getsqlkey = System. Web. HttpContext. Current. Request. Form. Keys [k];
String getip;
If (System. Web. HttpContext. Current. Request. Form [getsqlkey]. ToLower (). Contains (jk) = true)
{
System. web. httpContext. current. response. write ("<script Language = JavaScript> alert ('asp. NET (C # version) Anti-injection program prompts you, do not submit illegal characters! Author \ n \ nBlog: http://hi.baidu.com/ahhacker86 \ n \ nBy: