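        /// <summary>
        /// Heuristic check of user-submitted input for SQL keywords (blacklist filter).
        /// Returns false as soon as any token from the selected keyword list occurs in the input;
        /// matching is ordinal and case-insensitive. This does NOT make a value safe to concatenate
        /// into SQL text: the keyword lists are easy to miss and the actual protection has to be
        /// parameterized queries at the data-access layer. Treat the result as defense in depth.
        /// </summary>
        /// <param name="str">The user-submitted data. Null or empty means "nothing to check" and is accepted.</param>
        /// <param name="type">
        /// 1 selects the keyword list whose entries carry a trailing space (keywords are only matched
        /// when followed by a space); any other value selects the list without spaces, which also
        /// contains ' and * and matches plain substrings (e.g. "and" inside "band").
        /// </param>
        /// <returns>True when no listed keyword occurs in <paramref name="str"/>; otherwise false.</returns>
        public static bool ProcessSqlStr(string str, int type = 1)
        {
            if (string.IsNullOrEmpty(str))
            {
                return true;
            }

            // Keyword lists are '|'-separated; neither list has a trailing '|', so Split yields no empty token.
            string sqlStr = type == 1
                ? "exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare "
                : "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare";

            foreach (string token in sqlStr.Split('|'))
            {
                // Ordinal, case-insensitive: "SELECT " is caught like "select " independent of the thread culture.
                // Nothing in this loop can throw for a non-null input, so the original catch-all was dead code.
                if (str.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return false;
                }
            }
            return true;
        }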
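        /// <summary>
        /// Heuristic check of user-submitted input for SQL keywords (blacklist filter).
        /// Matching is ordinal and case-insensitive. The previous implementation used the
        /// culture-sensitive, case-sensitive <c>IndexOf(string)</c>, so an upper-case keyword
        /// such as "SELECT " passed the check. As with any keyword blacklist, a true result does not
        /// make the value safe for SQL concatenation; parameterized queries are the real protection.
        /// </summary>
        /// <param name="Str">The user-submitted data.</param>
        /// <param name="type">1: update (form) keyword list; any other value: query keyword list, which also contains ' and *.</param>
        /// <returns>
        /// True when no listed keyword occurs in <paramref name="Str"/>; false when one is found or when
        /// <paramref name="Str"/> is null.
        /// </returns>
        public static bool ProcessSqlStr(string Str, int type)
        {
            // A null value previously hit a NullReferenceException that the catch-all turned into false;
            // keep that outcome, but make it explicit instead of exception-driven.
            if (Str == null)
            {
                return false;
            }
            if (Str.Length == 0)
            {
                return true;
            }

            // '|'-separated keyword lists; no trailing '|', so Split produces no empty token.
            string sqlStr = type == 1
                ? "exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare "
                : "'|and |exec |insert |select |delete |update |count |*|chr |mid |master |truncate |char |declare ";

            foreach (string token in sqlStr.Split('|'))
            {
                if (Str.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return false;
                }
            }
            return true;
        }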
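        /// <summary>
        /// Heuristic blacklist check of one submitted value for SQL/script keywords.
        /// Requests whose URL (ServerVariables["Url"]) contains /system/, /manage/ or /systemhui/ are
        /// exempted entirely, so the handlers under those paths receive no protection from this method.
        /// Like every keyword blacklist this is not a substitute for parameterized queries; callers must
        /// still bind user input as parameters regardless of the result.
        /// </summary>
        /// <param name="col">Name of the checked field. Not used by this method; kept for existing callers.</param>
        /// <param name="Str">The submitted value.</param>
        /// <param name="type">0: query-string keyword list (also contains ' and *); any other value: form keyword list.</param>
        /// <returns>
        /// True when the value is accepted (no listed keyword, empty value, or exempted URL);
        /// false when a listed keyword occurs or <paramref name="Str"/> is null.
        /// </returns>
        private static bool ProcessSqlStr(string col, string Str, int type)
        {
            // Previously a null value threw NullReferenceException at Str.Length, outside the try; fail closed instead.
            if (Str == null)
            {
                return false;
            }
            if (Str.Length == 0)
            {
                return true;
            }

            // '|'-separated keyword lists; no trailing '|', so Split produces no empty token.
            string sqlStr = type == 0
                ? "'|exists| and |exec|insert |select |delete |update |count|*|chr|mid|master|truncate |char|declare |script" // QueryString
                : "exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare |and |script";     // Form

            // ServerVariables may return null; the original called ToLower() on it unguarded.
            string path = HttpContext.Current.Request.ServerVariables["Url"] ?? string.Empty;

            // Excluded directories are matched as substrings anywhere in the URL, case-insensitive.
            string[] excludedDirs = { "/system/", "/manage/", "/systemhui/" };
            foreach (string dir in excludedDirs)
            {
                if (path.IndexOf(dir, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }

            foreach (string token in sqlStr.Split('|'))
            {
                // Ordinal ignore-case instead of ToLower()+IndexOf: culture-independent (e.g. Turkish 'I')
                // and no extra allocation per comparison. Nothing here can throw, so the catch-all is gone.
                if (Str.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return false;
                }
            }
            return true;
        }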