Add this handler to the Global.asax file.
// Global.asax: ASP.NET raises BeginRequest at the start of every incoming
// request, so the query-string screen below runs before any page or handler
// code sees the request.
void Application_BeginRequest(object source, EventArgs e)
{
    // The screen is an additional layer only; data access code behind it
    // should still use parameterized commands.
    new Comp.ProcessRequest().StartProcessRequest();
}
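Create a C# class file named ProcessRequest.cs, then copy the entire listing below into it.
The filter inspects query-string values only, so it complements parameterized queries rather than replacing them.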
using System;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
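namespace Comp
{
    /// <summary>
    /// Screens the query string of the current request against a fixed list of
    /// SQL-related tokens and redirects to the site root when one is found.
    /// </summary>
    /// <remarks>
    /// This is a deny-list and therefore only a coarse extra layer:
    /// <list type="bullet">
    /// <item>Only query-string values are inspected. Parameter names, form
    /// fields, cookies and headers are not looked at.</item>
    /// <item>Matching is by substring, so legitimate values such as "band",
    /// "O'Brien" or "a*b" are rejected as well.</item>
    /// <item>It does not make string-built SQL safe. Queries that take request
    /// data should use parameterized commands regardless of this filter.</item>
    /// </list>
    /// </remarks>
    public class ProcessRequest
    {
        // Where a rejected request is sent.
        private const string SqlErrorPage = "/";

        // Tokens that cause a value to be rejected. Kept as an array so no
        // runtime splitting (and no stray whitespace in the entries) is involved.
        private static readonly string[] BlockedTokens =
        {
            "'", "and", "exec", "insert", "select", "delete", "update", "count",
            "*", "chr", "mid", "master", "truncate", "char", "declare"
        };

        /// <summary>
        /// Checks every query-string value of the current request and redirects
        /// to <see cref="SqlErrorPage"/> if any of them contains a blocked token.
        /// </summary>
        public void StartProcessRequest()
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                // Not running inside a request; nothing to inspect.
                return;
            }

            bool blocked = false;
            try
            {
                System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
                if (query != null)
                {
                    for (int i = 0; i < query.Count && !blocked; i++)
                    {
                        // Get(i) returns the value(s) for the i-th key, comma-joined
                        // when the key was supplied more than once.
                        blocked = !ProcessSqlStr(query.Get(i));
                    }
                }
            }
            catch (Exception ex)
            {
                // Fail closed: the original empty catch let the request through
                // whenever inspection itself failed. Treat that the same way
                // ProcessSqlStr treats its own failures - as a rejected request.
                // Only the exception type is traced, never the request data.
                blocked = true;
                System.Diagnostics.Trace.TraceWarning(
                    "ProcessRequest: query-string inspection failed: {0}", ex.GetType().Name);
            }

            if (blocked)
            {
                // Done outside the try block so the ThreadAbortException that
                // ends the response is not mistaken for an inspection failure.
                // endResponse = true makes a separate Response.End() unnecessary.
                context.Response.Redirect(SqlErrorPage, true);
            }
        }

        /// <summary>
        /// Decides whether a submitted value is free of blocked tokens.
        /// </summary>
        /// <param name="Str">Value submitted by the user; may be null or empty.</param>
        /// <returns>
        /// <c>true</c> when the value is null, empty, or contains none of the
        /// blocked tokens; <c>false</c> when at least one token occurs in it.
        /// </returns>
        private bool ProcessSqlStr(string Str)
        {
            if (string.IsNullOrEmpty(Str))
            {
                return true;
            }

            foreach (string token in BlockedTokens)
            {
                // Ordinal, case-insensitive comparison: the result must not depend
                // on the server's culture (a culture-sensitive ToLower() maps "I"
                // differently under some locales) or on the casing of list entries.
                if (Str.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return false;
                }
            }

            return true;
        }
    }
}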