Add a node to Web.config:
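<!-- Keyword denylist read by Sqlfilter(): terms are separated by '|' and matched as substrings
     of the input. Keep every term lowercase and unpadded (no spaces around '|'), otherwise it
     may never match. Short terms such as "or", "and" and "mid" also match inside ordinary words,
     so expect false positives. This list is a coarse extra check only; the queries themselves
     still need bound parameters. -->
<add key="Sqlfilter" value="and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join|'" />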
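/// <summary>
/// Checks a string against the keyword denylist stored in the "Sqlfilter" appSettings entry.
/// </summary>
/// <remarks>
/// Matching is a plain, case-insensitive substring search, so short terms also hit inside
/// ordinary words (for example "or" inside "order"). A keyword denylist is not a reliable
/// defence against SQL injection on its own: build every query with bound parameters and
/// treat this check as an additional, coarse input filter only.
/// </remarks>
/// <param name="Intext">String to be checked.</param>
/// <returns>
/// true if the text contains one of the configured terms; false otherwise, including when
/// the setting is missing or empty, or when <paramref name="Intext"/> is null or empty.
/// </returns>
public bool Sqlfilter(string Intext)
{
    string word = System.Configuration.ConfigurationManager.AppSettings["Sqlfilter"];

    // NOTE(review): a missing or empty setting turns the check off without any signal
    // (fail-open). Kept for compatibility with existing callers; consider logging it.
    if (string.IsNullOrEmpty(word) || string.IsNullOrEmpty(Intext))
    {
        return false;
    }

    foreach (string rawTerm in word.Split('|'))
    {
        // Tolerate padding around the separators in the config value.
        string term = rawTerm.Trim();

        // An empty entry (for example a trailing '|') would match every input.
        if (term.Length == 0)
        {
            continue;
        }

        // One culture-independent, case-insensitive search replaces the three ToLower()
        // lookups: the padded variants could only match where the bare term already did,
        // and the result no longer depends on the server's current culture or on the
        // casing of the configured terms.
        if (Intext.IndexOf(term, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}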
Call:
#region Prevent SQL Injection
// Leave the enclosing method as soon as any of the input values trips the keyword check.
// The || chain evaluates the values in the same order as before and stops at the first hit.
// NOTE(review): the early return is silent, so a rejected value gives the user no feedback
// and leaves no log entry. These values presumably feed a query further down (not shown
// here); that query should bind them as parameters regardless of this check.
if (T.Sqlfilter(tbaddetime.Text)
    || T.Sqlfilter(tbaddstime.Text)
    || T.Sqlfilter(tbblackvalue.Text)
    || T.Sqlfilter(tbchangeetime.Text)
    || T.Sqlfilter(tbchangestime.Text)
    || T.Sqlfilter(ddlstatus.SelectedValue.ToString())
    || T.Sqlfilter(ddltype.SelectedValue.ToString()))
{
    return;
}
#endregion