Prevent SQL injection with the HttpApplication request pipeline

Source: Internet
Author: User

HttpApplication processes every request through an event pipeline: the request data can be filtered as it passes through, and the request is then handed to the handler appropriate for its type (the Handler).
A check can be injected into this pipeline in two ways: by implementing the IHttpModule interface, or by adding the method directly to the Global class (Global.asax).
SQL injection is a security threat to web sites. Two common countermeasures are to reject requests that contain sensitive data, or to replace the sensitive data in the request strings. Either way, all user requests must be handled in the BeginRequest event (or by an AOP mechanism).

CODE

SQL Injection Processing Classes

```csharp
using System.Text.RegularExpressions;
using System.Web;

public class SqlInjectionHelper
{
    // request is the HTTP method ("GET" or "POST"); returns true if any value looks like injected code
    public static bool ValidUrlData(string request)
    {
        bool result = false;
        // Check the POST form data
        if (request == "POST")
        {
            for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++)
            {
                result = ValidData(HttpContext.Current.Request.Form[i]);
                if (result)
                {
                    break;
                }
            }
        }
        // Otherwise check the query string
        else
        {
            for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
            {
                result = ValidData(HttpContext.Current.Request.QueryString[i]);
                if (result)
                {
                    break;
                }
            }
        }
        return result;
    }

    /// <summary>
    /// Determine whether the input contains injected code
    /// </summary>
    /// <param name="inputData">A single form or query string value</param>
    /// <returns>true if the value matches the blacklist</returns>
    private static bool ValidData(string inputData)
    {
        // IgnoreCase so that "exec", "Exec" and "EXEC" are all caught
        return Regex.IsMatch(inputData, GetRegexString(), RegexOptions.IgnoreCase);
    }

    /// <summary>
    /// Build the regular expression from the blacklist
    /// </summary>
    /// <returns>A pattern of the form .*(token1|token2|...).*</returns>
    private static string GetRegexString()
    {
        string[] strBadChar = { "and", "exec", "insert", "select", "delete", "update", "count", "from", "drop", "asc", "char", "or", "%", ";", ":", "'", "\"", "-", "chr", "mid", "master", "truncate", "char", "declare", "SiteName", "net user", "xp_cmdshell", "/add", "exec master.dbo.xp_cmdshell", "net localgroup Administrators" };
        string strRegex = ".*(";
        for (int i = 0; i < strBadChar.Length - 1; i++)
        {
            // Regex.Escape keeps tokens such as "." or "-" literal instead of regex metacharacters
            strRegex += Regex.Escape(strBadChar[i]) + "|";
        }
        strRegex += Regex.Escape(strBadChar[strBadChar.Length - 1]) + ").*";
        return strRegex;
    }
}
```

Add to Global class

```csharp
// Global.asax: run the check at the start of every request
void Application_BeginRequest(object sender, EventArgs e)
{
    bool result = false;
    // RequestType is "GET" or "POST"; the helper reads the form or query string accordingly
    result = SqlInjectionHelper.ValidUrlData(Request.RequestType.ToUpper());
    if (result)
    {
        // "The data you submitted contains malicious characters"
        Response.Write("您提交的数据有恶意字符");
        Response.End();
    }
}
```
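As an added example (not code from the original page), the same BeginRequest check written as an IHttpModule, the alternative the text names but does not show; it is a defense-in-depth layer that complements rather than replaces parameterized queries, since a keyword blacklist is bypassable and also rejects legitimate text containing words such as "and" or "or". The module name, token list and response message are constructed for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Text.RegularExpressions;
using System.Web;

// Hypothetical IHttpModule performing the same BeginRequest check as the Global.asax handler.
// Register it in web.config under <system.webServer><modules>:
//   <add name="SqlInjectionModule" type="SqlInjectionModule" />
public class SqlInjectionModule : IHttpModule
{
    // Constructed token list for illustration; the page's longer list could be dropped in here.
    private static readonly string[] BadTokens =
        { "exec", "xp_cmdshell", "truncate", "declare", "drop", "union select", "--", ";" };

    // Regex.Escape keeps tokens such as "--" or ";" literal; IgnoreCase also catches "EXEC"/"Exec".
    private static readonly Regex BadPattern = new Regex(
        string.Join("|", Array.ConvertAll(BadTokens, t => Regex.Escape(t))),
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public void Init(HttpApplication context) { context.BeginRequest += OnBeginRequest; }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;
        // Same rule as the page's helper: inspect the form body for POST, the query string otherwise.
        NameValueCollection data = request.HttpMethod == "POST" ? request.Form : request.QueryString;

        if (ContainsBadToken(data))
        {
            // Reject with 400 and end the pipeline via CompleteRequest(), which, unlike
            // Response.End(), does not throw ThreadAbortException.
            app.Context.Response.StatusCode = 400;
            app.Context.Response.Write("Request rejected: suspicious characters in input.");
            app.CompleteRequest();
        }
    }

    // True if any value in the collection matches the blacklist; null values are skipped.
    public static bool ContainsBadToken(NameValueCollection data)
    {
        foreach (string key in data.AllKeys)
        {
            string value = data[key];
            if (value != null && BadPattern.IsMatch(value)) return true;
        }
        return false;
    }
}
```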

