Preventing SQL injection is a problem every developer has to deal with.
ASP.NET has a Global.asax file, and in it an Application_BeginRequest method that the application runs at the start of every request.
This event fires once the request parameters are available, and every page request on the site passes through it. Putting the anti-injection check here blocks the entry point in one place, before any page code sees the input.
The code is as follows:
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // Traverse the POST parameters (hidden fields are included; they are just as editable by the client)
    foreach (string key in Request.Form)
    {
        // Output (for testing only; replace with the filter)
        Response.Write(key + "=" + Request.Form[key] + "<br/>");
    }
    // Traverse the GET parameters
    foreach (string key in Request.QueryString)
    {
        // Output (for testing only; replace with the filter)
        Response.Write(key + "=" + Request.QueryString[key] + "<br/>");
    }
}
In this way every parameter submitted to the page can be traversed. In the outline above only the "// Output" comment was written, with no real code; a Response.Write there lets you see the values and try it out. All we then need to do is filter these parameters: if a parameter contains unsafe characters, you can redirect straight away (for example to an error page) instead of letting the request continue.
You can also add a filter function such as the one below. Note that character stripping like this is a blacklist: it can be bypassed, it mangles legitimate input (a surname containing an apostrophe, for instance), and it is no substitute for parameterized queries, which are the real fix. Treat it as an extra layer, not the only defense.
public static string DelSqlStr(string str)
{
    // Empty or missing input has nothing to filter
    if (string.IsNullOrEmpty(str))
        return "";
    str = str.Replace(";", "");    // statement separator
    str = str.Replace("'", "");    // string delimiter used to break out of a literal
    str = str.Replace("&", "");
    str = str.Replace("%20", "");  // URL-encoded space
    str = str.Replace("--", "");   // SQL comment
    str = str.Replace("=", "");
    str = str.Replace("<", "");
    str = str.Replace(">", "");
    str = str.Replace("%", "");    // LIKE wildcard / start of an encoded character
    return str;
}
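The following is an added example, not code from the original post. It shows the whole flow described above in one Global.asax: every GET and POST parameter is inspected in Application_BeginRequest, and a request whose parameter looks like an injection attempt is rejected with an HTTP 400 rather than having characters silently stripped. The regular expression used for detection, the 400 response, and the UserRepository class with its Users table and @userName parameter are this example's own assumptions; the repository is there to show the parameterized query that has to sit behind the filter.

```csharp
// Added example (not the original post's code). Targets ASP.NET on the .NET
// Framework (System.Web). The detection pattern and the 400 response are
// this example's own choices.
using System;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;

public class Global : HttpApplication
{
    // Fragments commonly seen in injection payloads. This is a blacklist, so it
    // is only a heuristic: it can be bypassed (encodings, comments, casing) and
    // it also rejects some legitimate input such as the surname O'Brien.
    private static readonly Regex SqlPattern = new Regex(
        @"('|--|;|/\*|\*/|\b(union|select|insert|update|delete|drop|exec)\b|xp_)",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // True when the value contains one of the blacklisted fragments.
    public static bool LooksLikeInjection(string value)
    {
        return !string.IsNullOrEmpty(value) && SqlPattern.IsMatch(value);
    }

    // Returns the name of the first suspicious parameter, or null when all are clean.
    public static string FindSuspiciousParameter(NameValueCollection parameters)
    {
        foreach (string key in parameters)
        {
            // Values submitted without a name show up under a null key
            if (key == null)
                continue;
            if (LooksLikeInjection(parameters[key]))
                return key;
        }
        return null;
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;

        // POST fields first (hidden fields included, since the client can edit
        // them just as easily), then the query string.
        string hit = FindSuspiciousParameter(request.Form)
                  ?? FindSuspiciousParameter(request.QueryString);

        if (hit != null)
        {
            // Reject the request instead of stripping characters: stripping
            // changes the data and can still leave an exploitable string behind.
            Context.Response.StatusCode = 400;
            Context.Response.Write("Rejected: parameter '" +
                HttpUtility.HtmlEncode(hit) + "' contains disallowed characters.");
            // Skip the rest of the pipeline without throwing ThreadAbortException
            CompleteRequest();
        }
    }
}

// The filter above is only a safety net. The query itself must bind user input
// as a parameter so it is never parsed as SQL, whatever the filter lets through.
// The Users table and UserName column are assumed for illustration.
public static class UserRepository
{
    public static int CountUsersNamed(string connectionString, string userName)
    {
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE UserName = @userName", connection))
        {
            command.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            connection.Open();
            return (int)command.ExecuteScalar();
        }
    }
}
```

Reading Request.Form in Application_BeginRequest forces the request body to be parsed at that point, which is fine for ordinary forms but worth keeping in mind for large uploads. The decisive line is the parameterized SqlCommand: with it, a value like `' OR 1=1 --` is compared literally against UserName and never reaches the SQL parser as code, so the request filter only needs to catch what gets past a bug elsewhere.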