//判断是否注入
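/// <summary>
/// Heuristic deny-list check: returns true when <paramref name="sSql"/> contains an
/// apostrophe or any entry of a short list of SQL keywords/characters (substring match).
/// </summary>
/// <remarks>
/// This is NOT injection protection. Substring matching flags ordinary text
/// ("world" contains "or", "brand" contains "and"), the list is far from complete,
/// and the last two tokens are a backslash and a slash, so any path-like input is
/// flagged as well. Every query that includes user input must be parameterized;
/// treat this method as an extra signal at most.
/// </remarks>
/// <param name="sSql">Untrusted text to inspect; null or empty is reported as clean.</param>
/// <returns>true when an apostrophe or a deny-listed token was found, otherwise false.</returns>
public bool filterSql(string sSql)
{
    // Same tokens as the original "|"-separated list, in the same order.
    string[] deniedTokens = new string[]
    {
        "and", "exec", "insert", "select", "delete", "update", "chr", "mid",
        "master", "or", "truncate", "char", "declare", "join", "xp_", "create",
        "\\", "/",
    };

    // The original dereferenced a null argument; nothing can be injected via an
    // empty string, so report it as clean instead of throwing.
    if (string.IsNullOrEmpty(sSql))
    {
        return false;
    }

    if (sSql.IndexOf('\'') >= 0)
    {
        return true;
    }

    // Ordinal, case-insensitive matching replaces the original ToLower() + culture-aware
    // IndexOf(): under e.g. the Turkish culture "INSERT".ToLower() yields a dotless i and
    // slips past a lower-cased deny-list, and culture-aware IndexOf has its own surprises.
    foreach (string token in deniedTokens)
    {
        if (sSql.IndexOf(token, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}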
SQL 参数化（参数化查询 / SqlParameter）才是防止 SQL 注入的正确做法；上面的关键字黑名单只是启发式检测，会误报普通文本，也不能替代参数化查询。

参考链接:www.cnblogs.com/hantianwei/archive/0001/01/01/1519722.html
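/// <summary>
/// Heuristic deny-list check: true when <paramref name="sSql"/> contains an apostrophe
/// or any "|"-separated token of the keyword list below, matched as a substring.
/// </summary>
/// <remarks>
/// Not a defence against SQL injection on its own: plain words trigger it ("order",
/// "password" contain "or"), the keyword list is incomplete, and the trailing
/// backslash/slash tokens flag any path or URL. Parameterize every query that carries
/// user input; use this only as an additional signal.
/// </remarks>
/// <param name="sSql">Untrusted text to inspect; null or empty is reported as clean.</param>
/// <returns>true when a deny-listed token or an apostrophe occurs, otherwise false.</returns>
public bool filterSql(string sSql)
{
    // Verbatim list from the original: the last two entries are "\" and "/".
    const string deniedTokenList = @"and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join|xp_|create|\|/";

    // Original threw NullReferenceException on null; an empty string cannot match anything.
    if (string.IsNullOrEmpty(sSql))
    {
        return false;
    }

    // Invariant lower-casing + ordinal search instead of culture-sensitive ToLower()/IndexOf():
    // under the Turkish culture "INSERT" lower-cases to a dotless i and bypasses the list.
    string lowered = sSql.ToLowerInvariant();
    if (lowered.Contains("'"))
    {
        return true;
    }

    // IndexOf(token) already covers IndexOf(token + " ") and IndexOf(" " + token),
    // so the two extra comparisons of the original are dropped.
    return System.Array.Exists(
        deniedTokenList.Split('|'),
        token => lowered.IndexOf(token, System.StringComparison.Ordinal) >= 0);
}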
/// <summary>
/// Heuristic deny-list check: true when the input contains any listed SQL keyword or
/// special character (substring match, case-insensitive). This is not injection
/// protection — use parameterized queries for every SQL statement that includes user input.
/// </summary>
/// <param name="sSql">Untrusted text to inspect.</param>
/// <returns>false - no deny-listed token found, true - a deny-listed token was found</returns>
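public bool filterSql(string sSql)
{
    // Every substring the original removed with Replace(). Its "did the length shrink"
    // comparison is equivalent to "does any of these occur in the input", so that is
    // tested directly. Trim() was dropped: no token contains whitespace, so trimming the
    // ends can neither create nor remove a match.
    string[] deniedTokens = new string[]
    {
        "exec", "delete", "master", "truncate", "declare", "create", "xp_",
        "and", "insert", "select", "or", "join",
        "'", "\"", "|", ";", "$", "%", "@", "<", ">", "(", ")", "+",
        // NOTE(review): "cr" and "lf" match the letter pairs (e.g. "secret", "self"),
        // not the CR/LF control characters that were presumably intended — confirm
        // with the maintainer. Kept as-is so existing behaviour is unchanged.
        "cr", "lf",
        ",", "\\",
    };

    // The original dereferenced a null argument; report it as clean instead.
    if (sSql == null)
    {
        return false;
    }

    // OrdinalIgnoreCase instead of culture-sensitive ToLower(): in e.g. the Turkish
    // culture "SELECT".ToLower() no longer contains "select" and the check is bypassed.
    for (int index = 0; index < deniedTokens.Length; index++)
    {
        if (sSql.IndexOf(deniedTokens[index], System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}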
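// Usage example. Note that the whole URL is scanned, scheme and path included: with the
// first two filters above the "/" token alone flags every absolute URL, and with the
// third any "%" (URL-encoded character) or "@" does. Scan the user-controlled values
// (query-string and form fields) individually instead, and treat a hit as a reason to
// reject the request — never as a substitute for parameterized queries.
if (filterSql(Request.Url.ToString()))
{
    // TODO: reject the request here (e.g. return an error response). An empty branch
    // means a positive match has no effect at all.
}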