Example of an ASP.NET method to prevent SQL injection
This article describes how ASP.NET prevents SQL injection. We will share this with you for your reference. The details are as follows:
I recently took over another project and found that it has an SQL injection vulnerability. Because I don't want to change too much code, I am not using the parameter-based anti-injection method and can only use the traditional, clumsy method.
1. Create a Global.asax file.
2. Add the following code:
void Application_BeginRequest(object sender, EventArgs e)
{
    bool result = false;
    if (Request.RequestType.ToUpper() == "POST")
    {
        // I will not write the post method.
    }
    else
    {
        result = ValidUrlGetData();
    }
    if (result)
    {
        Response.Write("the data you submit has malicious characters!");
        Response.End();
    }
}

/// <summary>
/// Obtain data in QueryString
/// </summary>
public static bool ValidUrlGetData()
{
    bool result = false;
    for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
    {
        result = Validate(HttpContext.Current.Request.QueryString[i].ToString());
        if (result)
        {
            break; // stop at the first value that contains a keyword
        }
    }
    return result;
}

// Here I add a few; you can add more.
public static string[] strs = new string[] { "select", "drop", "exists", "exec", "insert", "delete", "update", "and", "or", "user" };

public static bool Validate(string str)
{
    for (int i = 0; i < strs.Length; i++)
    {
        // Case-insensitive match, so "SELECT" or "Insert" is caught as well.
        if (str.IndexOf(strs[i], StringComparison.OrdinalIgnoreCase) != -1)
        {
            return true;
        }
    }
    return false;
}
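The following added example (not code from the original article) runs the same substring check over constructed, harmless inputs to show that it also rejects ordinary words such as "Portland", and sets it beside the parameter-based form the article mentions. The Products table, its columns and the BuildSearch helper are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class FilterVersusParameters
{
    // Keyword list as given in the article.
    static readonly string[] Keywords =
        { "select", "drop", "exists", "exec", "insert", "delete", "update", "and", "or", "user" };

    // Substring test in the style of the article's Validate() (case-insensitive here).
    public static bool Validate(string value)
    {
        foreach (string keyword in Keywords)
            if (value.IndexOf(keyword, StringComparison.OrdinalIgnoreCase) >= 0)
                return true;
        return false;
    }

    // Parameter-based alternative: the value travels separately from the SQL text,
    // so it is always treated as data. Table and column names are hypothetical.
    public static SqlCommand BuildSearch(SqlConnection connection, string name)
    {
        var command = new SqlCommand(
            "SELECT Id, Name FROM Products WHERE Name = @name", connection);
        command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
        return command;
    }

    public static void Main()
    {
        // Constructed, harmless query-string values.
        string[] samples = { "Portland", "android phone", "username", "keyboard", "laptop" };
        foreach (string sample in samples)
            Console.WriteLine("{0,-14} rejected by filter: {1}", sample, Validate(sample));

        // No connection is opened here; the command is only built and inspected.
        using (SqlCommand command = BuildSearch(null, "Portland"))
        {
            Console.WriteLine(command.CommandText);
            Console.WriteLine("{0} = {1}", command.Parameters[0].ParameterName,
                                           command.Parameters[0].Value);
        }
    }
}
```

Because the filter matches substrings anywhere in a value, legitimate input containing "or", "and" or "user" is blocked, while the parameterized command accepts the same value unchanged.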