First, configure a request event handler in Global.asax.cs. There is no need to filter every address; only the addresses of GET and POST requests are filtered.
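/// <summary>
/// Runs at the start of each request and, when the request carries form or
/// query-string parameters, redirects to a filtered copy of the request URL
/// if <c>Filterurl</c> changed anything in it.
/// </summary>
/// <remarks>
/// This is a coarse input filter, not a SQL injection defence on its own:
/// only the URL string is inspected. Posted form values, cookies and headers
/// are never passed to <c>Filterurl</c>, so data-access code must still use
/// parameterized queries, and pages must still encode output.
/// </remarks>
/// <param name="sender">Source of the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    // The published listing ran the same check twice, once for POST and once
    // for GET parameters; both branches filtered the URL only, so they are merged.
    bool hasParameters = this.Request.Form.Count > 0
        || this.Request.QueryString.Count > 0;
    if (!hasParameters)
    {
        return;
    }

    string url = this.Request.Url.ToString();
    string filteredUrl = Filterurl(url);

    if (!url.Equals(filteredUrl))
    {
        // NOTE(review): a redirect is normally followed as a fresh GET, so the
        // body of a filtered POST is presumably dropped - confirm this is
        // acceptable, or reject the request with an error status instead.
        this.Response.Redirect(filteredUrl);
    }
}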
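/// <summary>
/// Lower-cases a URL and removes a fixed list of punctuation characters and
/// SQL/HTML keywords from it.
/// </summary>
/// <remarks>
/// A deny-list like this reduces noise but cannot be relied on to stop SQL
/// injection or script injection: it only knows the tokens listed here and
/// only sees the string it is given. Keep parameterized queries at the data
/// layer and output encoding in the views as the actual controls.
/// The list also removes ordinary substrings (for example "html", "link",
/// "like"), so legitimate URLs containing them are rewritten as well.
/// </remarks>
/// <param name="url">The URL text to filter; may be null or empty.</param>
/// <returns>
/// The filtered, lower-cased URL, or the input unchanged when it is null or empty.
/// </returns>
private string Filterurl(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return url;
    }

    // Tokens are written in lower case because the input is lower-cased before
    // matching; the published listing compared against "Script", "Select",
    // etc., which can never match a lower-cased string.
    // Longer tokens precede their substrings ("iframe" before "frame",
    // "ilayer" before "layer") so the whole word is removed in one step.
    string[] blockedTokens =
    {
        "<", ">", "|", "\"", "'", "%", ";", "(", ")", "+",
        "script", "alert", "select", "update", "insert", "like",
        "applet", "body", "embed", "iframe", "frame", "html", "img",
        "style", "ilayer", "layer", "link", "meta", "object"
    };

    // Invariant culture keeps the result independent of the server locale.
    string cleaned = url.ToLowerInvariant();

    // Repeat until nothing changes: removing one token can join the text on
    // either side into another blocked token, which a single pass would leave
    // in place. Each changing pass shortens the string, so the loop terminates.
    string previous;
    do
    {
        previous = cleaned;
        foreach (string token in blockedTokens)
        {
            cleaned = cleaned.Replace(token, "");
        }
    }
    while (previous != cleaned);

    return cleaned;
}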
Here is the diagram:
ASP.NET URL address anti-injection filtering problem