/// <summary>
/// Handler named for the ASP.NET BeginRequest application event. It does one thing:
/// hand the current request to <c>StartProcessRequest</c> for query-string screening.
/// </summary>
/// <param name="sender">Event source supplied by the caller; not used here.</param>
/// <param name="e">Event data supplied by the caller; not used here.</param>
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // Single entry point into the screening routine; no other work is done in this handler.
    StartProcessRequest();
}
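/// <summary>
/// Screens every query-string value of the current request with <c>ProcessSqlStr</c>. On the
/// first rejected value it writes a client-side redirect to /error.aspx and ends the response.
/// </summary>
/// <remarks>
/// Only <c>Request.QueryString</c> is inspected here; form fields, cookies and headers are not
/// read by this method. A keyword screen of this kind is at most a secondary layer: the queries
/// that consume these values still need to be parameterized.
/// </remarks>
public static void StartProcessRequest()
{
    System.Web.HttpContext context = System.Web.HttpContext.Current;
    if (context == null)
    {
        // No request is being processed on this thread, so there is nothing to screen.
        return;
    }

    try
    {
        System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
        if (query == null)
        {
            return;
        }

        for (int i = 0; i < query.Count; i++)
        {
            // Index access yields the same (comma-joined) value as a lookup through Keys[i],
            // without the second lookup.
            if (!ProcessSqlStr(query[i], 0))
            {
                context.Response.Write("<script>window.location.href=\"/error.aspx\";</script>");
                // Response.End() terminates the request, so no further values are examined.
                context.Response.End();
            }
        }
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Raised by Response.End(): this is how a rejected request normally terminates.
        throw;
    }
    catch (System.Exception ex)
    {
        // The previous empty catch hid every failure, so a broken screen was indistinguishable
        // from a clean request. The request is still allowed through (unchanged behaviour),
        // but the failure now leaves a trace entry.
        // NOTE(review): decide whether a failure here should reject the request instead.
        System.Diagnostics.Trace.TraceWarning("StartProcessRequest: query-string check failed: {0}", ex);
    }
}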
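/// <summary>
/// Checks a user-submitted value against a fixed list of SQL-related keywords.
/// </summary>
/// <param name="Str">The value submitted by the user.</param>
/// <param name="type">Not used by this method.</param>
/// <returns>
/// <c>true</c> when none of the keywords occurs in <paramref name="Str"/> (an empty string
/// included); <c>false</c> when a keyword is found or <paramref name="Str"/> is <c>null</c>.
/// </returns>
/// <remarks>
/// The match is a plain substring test, so ordinary words that merely contain a keyword
/// ("country", "updated", "middle") are rejected as well, and the list does not describe all of
/// SQL. Treat the result as a coarse screen only; parameterized queries in the data-access code
/// are what actually prevent injection.
/// </remarks>
private static bool ProcessSqlStr(string Str, int type)
{
    const string SqlStr = "exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare";

    if (Str == null)
    {
        // Same result as before, where it was reached through a caught NullReferenceException.
        return false;
    }

    foreach (string keyword in SqlStr.Split('|'))
    {
        // Ordinal, case-insensitive comparison: ToLower() and IndexOf(string) follow the casing
        // rules of the current thread culture, so the outcome could vary with server locale.
        if (Str.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return false;
        }
    }

    return true;
}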