//插入数据
try
{
StringBuilder sbSql = new StringBuilder();
sbSql.Append(@"insert into vw_member_info_web
(
MEM_NAME,
PASSWORD,
SEX,
MOBILE,
LIC_TYPE_ID,
LIC_NO,HOME_PHONE,
MAIL,
ZIP,
DETAIL_ADDR,
DVR_LIC_NO,
REG_MODE,
RECOMMEND_NAME,
KNOW_MODE_DESC,
CRE_USER,
CRE_USER_ID");
if (!string.IsNullOrEmpty(getDrivLiceDay))
{
sbSql.Append(",DVR_LIC_BGN_DATE");
}
if (!string.IsNullOrEmpty(birthday))
{
sbSql.Append(",BIRTHDAY");
}
sbSql.Append(@")
values
(
:userName,
:pwd,
:sex,
:mobile,
:cretType,
:cretNo,:fixedPhone,
:mail,
:postCode,
:address,
:dvrLicNo,
:reg_mode,
:recomName,
:knowDesc,
:cre_user,
:cre_user_id");
if (!string.IsNullOrEmpty(getDrivLiceDay))
{
sbSql.Append(",:dvrLicDate");
}
if (!string.IsNullOrEmpty(birthday))
{
sbSql.Append(",:birthday");
}
sbSql.Append(")");
List<OracleParameter> listPrams = new List<OracleParameter>();
listPrams.Add(new OracleParameter(":userName", userName));
listPrams.Add(new OracleParameter(":pwd", pwd));
listPrams.Add(new OracleParameter(":sex", sex));
listPrams.Add(new OracleParameter(":mobile", mobileNo));
listPrams.Add(new OracleParameter(":cretType", GetLicType(cretType)));
listPrams.Add(new OracleParameter(":cretNo", cretNo));
listPrams.Add(new OracleParameter(":fixedPhone", fixedPhone));
listPrams.Add(new OracleParameter(":mail", email));
listPrams.Add(new OracleParameter(":postCode", postCode));
listPrams.Add(new OracleParameter(":address", contactAdd));
listPrams.Add(new OracleParameter(":dvrLicNo", drivLicense));
listPrams.Add(new OracleParameter(":recomName", referee));
listPrams.Add(new OracleParameter(":knowDesc", couponCode));
listPrams.Add(new OracleParameter(":reg_mode", "网站注册"));
listPrams.Add(new OracleParameter(":cre_user", "网站"));
listPrams.Add(new OracleParameter(":cre_user_id", "134"));
//生日不为空并且领取驾照日期不为空
if (!string.IsNullOrEmpty(birthday) && !string.IsNullOrEmpty(getDrivLiceDay))
{
listPrams.Add(new OracleParameter(":dvrLicDate", Convert.ToDateTime(getDrivLiceDay)));
listPrams.Add(new OracleParameter(":birthday", Convert.ToDateTime(birthday)));
}
else
{
//生日不为空并且领取驾照日期为空
if (!string.IsNullOrEmpty(birthday) && string.IsNullOrEmpty(getDrivLiceDay))
{
listPrams.Add(new OracleParameter(":birthday", Convert.ToDateTime(birthday)));
}
else if (string.IsNullOrEmpty(birthday) && !string.IsNullOrEmpty(getDrivLiceDay))//生日为空并且领取驾照日期不为空
{
listPrams.Add(new OracleParameter(":dvrLicDate", Convert.ToDateTime(getDrivLiceDay)));
}
}
OracleParameter[] prams = listPrams.ToArray();
int re = Convert.ToInt32(SQLHelper.ExecuteNonQuery(conStr, CommandType.Text, sbSql.ToString(), prams));
if (re == 1)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('注册成功!');</script>");
string tempUserName = txtUserName.Text;
Response.Write("<script>window.location.href='RegisteredSucc.aspx?userName=" + HttpUtility.UrlEncode(tempUserName) + "';</script>");
}
else
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('注册失败!');</script>");
}
}
catch (Exception ex){ }
}
/// <summary>
/// Per-request entry point (presumably wired by ASP.NET as the BeginRequest handler of
/// the application) that hands the current request to <see cref="StartProcessRequest"/>
/// for the GET/POST keyword screening before any page code runs.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
void Application_BeginRequest(object sender, EventArgs e)
{
    StartProcessRequest();
}
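/// <summary>
/// Screens every GET (query-string) and POST (form) value of the current request with
/// <see cref="ProcessSqlStr"/> and ends the response as soon as one value is rejected.
/// </summary>
/// <remarks>
/// This is a keyword blacklist in front of the page handlers, not a substitute for the
/// parameterised commands used elsewhere in this file. Any exception raised while
/// inspecting the request is swallowed, so the screening fails open: a request that
/// breaks the inspection itself is passed through unfiltered.
/// </remarks>
private void StartProcessRequest()
{
    try
    {
        System.Web.HttpRequest request = System.Web.HttpContext.Current.Request;

        // GET parameters: every value is inspected (second argument: do not skip anything).
        if (HasUnsafeValue(request.QueryString, false))
        {
            System.Web.HttpContext.Current.Response.End();
        }

        // POST parameters: "__VIEWSTATE" is skipped (second argument), presumably because
        // it is ASP.NET's serialised page state rather than user-typed input.
        if (HasUnsafeValue(request.Form, true))
        {
            System.Web.HttpContext.Current.Response.End();
        }
    }
    catch (Exception)
    {
        // Best-effort screening: inspection errors do not block the request.
        // Response.End() stops a rejected request by throwing ThreadAbortException,
        // which the CLR re-raises at the end of this catch block, so rejection still holds.
    }
}

/// <summary>
/// Returns true when at least one value in <paramref name="values"/> is rejected by
/// <see cref="ProcessSqlStr"/>; a null collection has no unsafe value.
/// </summary>
/// <param name="values">Query-string or form collection to inspect.</param>
/// <param name="skipViewState">When true, the "__VIEWSTATE" entry is not inspected.</param>
/// <returns>true when a value fails the check, otherwise false.</returns>
private bool HasUnsafeValue(System.Collections.Specialized.NameValueCollection values, bool skipViewState)
{
    if (values == null)
    {
        return false;
    }

    for (int i = 0; i < values.Count; i++)
    {
        string key = values.Keys[i];
        if (skipViewState && key == "__VIEWSTATE")
        {
            continue;
        }

        if (!ProcessSqlStr(values[key]))
        {
            return true;
        }
    }

    return false;
}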
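/// <summary>
/// Checks a submitted value against a fixed blacklist of SQL fragments
/// ("truncate ", "declare ", "nvarchar(", "varchar(", "sysobjects").
/// </summary>
/// <remarks>
/// The search is ordinal and case-insensitive, so the outcome does not depend on the
/// thread culture. It is a coarse pre-check only: text that merely contains one of these
/// fragments is rejected, and input that does not contain them is accepted; the
/// parameterised commands used elsewhere in this file remain the actual protection.
/// </remarks>
/// <param name="Str">Value submitted by the user; null or whitespace-only input is accepted.</param>
/// <returns>true when the value is acceptable, false when it contains a blacklisted fragment.</returns>
private bool ProcessSqlStr(string Str)
{
    // Nothing to inspect: null and whitespace-only values are accepted.
    if (Str == null || Str.Trim().Length == 0)
    {
        return true;
    }

    string[] blacklist = { "truncate ", "declare ", "nvarchar(", "varchar(", "sysobjects" };
    foreach (string fragment in blacklist)
    {
        // Ordinal, case-insensitive search: no per-iteration lowercasing and no
        // dependence on the thread culture.
        if (Str.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return false;
        }
    }

    return true;
}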
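/// <summary>
/// SQL-injection keyword filter: reports whether <paramref name="InText"/> contains one of a
/// fixed set of SQL words followed or preceded by a single space ("word " or " word").
/// </summary>
/// <remarks>
/// Words checked, in order: and, exec, insert, select, delete, update, chr, mid, master, or,
/// truncate, char, declare, join. Matching is ordinal and case-insensitive. Because only one
/// adjacent space is required, ordinary text such as "for a" (which contains "or ") is also
/// flagged; treat this as a coarse pre-check, not as protection — parameterised commands are
/// the real control.
/// </remarks>
/// <param name="InText">String to filter; null is treated as safe.</param>
/// <returns>true when an unsafe fragment is present, otherwise false.</returns>
public static bool SqlFilter2(string InText)
{
    if (InText == null)
    {
        return false;
    }

    string[] words =
    {
        "and", "exec", "insert", "select", "delete", "update", "chr",
        "mid", "master", "or", "truncate", "char", "declare", "join",
    };

    foreach (string word in words)
    {
        // Ordinal comparison: deterministic regardless of the thread's culture, and the
        // input is not lower-cased on every iteration.
        if (InText.IndexOf(word + " ", StringComparison.OrdinalIgnoreCase) >= 0
            || InText.IndexOf(" " + word, StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}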