asp.net防注入代碼

///  <summary>           /// 在 Application_BeginRequest中加入函數StartProcessRequest()         ///  </summary>           protected void Application_BeginRequest(Object sender, EventArgs e)        {                     StartProcessRequest();         } #region SQL注入式攻擊程式碼分析           / //  <summary>           /// 處理使用者提交的請求           ///  </summary>           private void StartProcessRequest()           {               try               {                   string getkeys = "";                   string sqlErrorPage = "/default.aspx";//如果有非法參數,轉向的錯誤提示頁面                   if (System.Web.HttpContext.Current.Request.QueryString != null)                   {                       for (int i = 0; i  < System.Web.HttpContext.Current.Request.QueryString.Count; i++)                       {                           getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys;                           if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))                           {                               System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);                               System.Web.HttpContext.Current.Response.End();                           }                       }                   }                   if (System.Web.HttpContext.Current.Request.Form != null)                   {                       for (int i = 0; i  < System.Web.HttpContext.Current.Request.Form.Count; i++)                       {                           getkeys = System.Web.HttpContext.Current.Request.Form.Keys;                           if (getkeys == "__VIEWSTATE") continue;                           if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))                           {                               System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);                               System.Web.HttpContext.Current.Response.End();                           }                       }                   }                                  if (System.Web.HttpContext.Current.Request.Cookies != null)                   {                       for (int i = 0; i  < System.Web.HttpContext.Current.Request.Cookies.Count; i++)                       {                           getkeys = System.Web.HttpContext.Current.Request.Cookies.Keys;                          if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Cookies[getkeys].ToString()))                           {                               System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);                               System.Web.HttpContext.Current.Response.End();                           }                       }                   }               }               catch               {                   // 錯誤處理: 處理使用者提交資訊!               }           }           ///  <summary>           /// 分析使用者請求是否正常           ///  </summary>           ///  <param name="Str">傳入使用者提交資料  </param>           ///  <returns>返回是否含有SQL注入式攻擊代碼  </returns>           private bool ProcessSqlStr(string Str)           {               bool ReturnValue = true;              t ry               {                   if (Str.Trim() != "")                   {                       string SqlStr = "and |exec |insert |select |delete |update |count |* |chr |mid |master |truncate |char |declare";                       string[] anySqlStr = SqlStr.Split('|');                       f oreach (string ss in anySqlStr)                       {                           if (Str.ToLower().IndexOf(ss) >= 0)                           {                               ReturnValue = false;                               break;                           }                       }                   }               }               catch               {                   ReturnValue = false;               }              return ReturnValue;           }           #endregion [/pre]