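// Website security is very important. Therefore, a website must have basic defense measures
// against attacks, such as script attacks, cross-origin attacks, and database injection attacks.
// The following describes the helper used to prevent database SQL script injection.
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

namespace NZS.common
{
    /// <summary>
    /// Keyword/character blacklist helpers for detecting and defusing SQL fragments in user input.
    /// </summary>
    /// <remarks>
    /// Both methods are blacklists and can only serve as a defence-in-depth layer (for logging,
    /// alerting or rejecting suspicious input). The primary protection against SQL injection is to
    /// pass user input to the database through parameterised commands and never to build SQL text
    /// by string concatenation; a filter such as this does not make concatenated SQL safe.
    /// </remarks>
    public class Filter
    {
        // Keyword list as given on the original page, with the regex escapes restored ("\s";
        // the page shows "/s") and the malformed "<[iframe|/iframe|script|/script]>" character
        // class rewritten as the alternation the author evidently intended. The pattern is
        // lower-case only because HasSqlKeywords lower-cases the input first.
        private const string SqlKeywordPattern =
            @"(\sand\s)|(\slike\s)|(select\s)|(insert\s)|(delete\s)|(update\s[\s\S].*\sset)|(create\s)|(\stable)|(<(iframe|/iframe|script|/script))|(')|(\sexec)|(declare)|(\struncate)|(\smaster)|(\sbackup)|(\smid)|(\scount)|(cast)|(%)|(\sadd\s)|(\salter\s)|(\sdrop\s)|(\sfrom\s)|(\struncate\s)|(\sxp_cmdshell\s)";

        // Built once: the pattern is fixed and Regex construction is comparatively expensive,
        // whereas the original rebuilt the Regex on every call.
        private static readonly Regex SqlKeywordRegex = new Regex(SqlKeywordPattern, RegexOptions.Compiled);

        /// <summary>
        /// Checks whether dangerous characters or SQL keywords exist in the input (detects likely SQL injection).
        /// </summary>
        /// <param name="contents">Content to check; null is treated like an empty string.</param>
        /// <returns>True if any blacklisted keyword or character matches, otherwise false.</returns>
        /// <remarks>
        /// Several alternatives ("cast", "%", "declare", a lone single quote, "\scount") also match
        /// ordinary text such as "broadcast" or "10%", so expect false positives; use the result to
        /// log or reject, not as proof that the input is safe.
        /// </remarks>
        public static bool HasSqlKeywords(string contents)
        {
            // The original dereferenced contents unconditionally and would throw on null.
            if (string.IsNullOrEmpty(contents))
            {
                return false;
            }

            // Lower-case once so the pattern only needs lower-case keywords. The invariant culture
            // avoids locale-dependent casing (e.g. the Turkish dotless i) breaking the match.
            string lowered = contents.ToLowerInvariant();
            return SqlKeywordRegex.IsMatch(lowered, 0);
        }

        /// <summary>
        /// Filters the injection script in a SQL statement string by escaping quotes, mapping
        /// statement-delimiting characters to their full-width forms and removing procedure keywords.
        /// </summary>
        /// <param name="str">Input string; null or empty is returned unchanged.</param>
        /// <returns>The filtered string.</returns>
        /// <remarks>
        /// The full-width substitutions change the user's data (e.g. "(" becomes "（"), so the
        /// stored value no longer round-trips. Prefer parameterised queries, which need none of this.
        /// </remarks>
        public static string SqlFilter(string str)
        {
            if (string.IsNullOrEmpty(str))
            {
                return str;
            }

            // Replace single quotes with two single quotes. The original called Replace("", "''"),
            // which throws ArgumentException in .NET because the search string is empty.
            str = str.Replace("'", "''");
            // Replace the half-width quote, semicolon and brackets with their full-width forms so
            // they are no longer SQL syntax characters (prevents chaining multiple statements).
            str = str.Replace("'", "＇");
            str = str.Replace(";", "；");
            str = str.Replace("(", "（");
            str = str.Replace(")", "）");

            // Remove the stored-procedure execution keywords case-insensitively, as the original
            // comment states (string.Replace is case-sensitive, so "exec" was left untouched).
            // "execute" is handled first so it is removed whole rather than leaving "ute" behind.
            str = Regex.Replace(str, "execute", string.Empty, RegexOptions.IgnoreCase);
            str = Regex.Replace(str, "exec", string.Empty, RegexOptions.IgnoreCase);

            // Break the system / extended stored procedure prefixes.
            str = str.Replace("xp_", "x p_");
            str = str.Replace("sp_", "s p_");

            // Break hex literals to hinder hex-encoded injection.
            str = str.Replace("0x", "0 x");

            return str;
        }
    }
}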