/// <summary>
/// 检查参数(防sql注入)
/// </summary>
/// <param name="value">检查的字符串</param>
/// <returns>是否检查通过</returns>
public static bool CheckPara(ref string value)
{
if (string.IsNullOrEmpty(value))
{
return(true);
}
var rg = new Regular(value.ToUpper());
if (rg.CheckRegularFun(RegularFunction.Insert))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Update))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Select))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Alter))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Drop))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Create))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Delete))
{
return(false);
}
value = value.Replace("\\", "\\\\").Replace("'", "''");
return(true);
}
// <summary>
/// check the regular in parameters by post or get ways
/// <returns></returns>
public static bool CheckPara(NameValueCollection formParams)
{
foreach (string para in formParams)
{
var rg = new Regular(formParams[para].ToUpper());
if (rg.CheckRegularFun(RegularFunction.Insert))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Update))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Select))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Alter))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Drop))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Create))
{
return(false);
}
if (rg.CheckRegularFun(RegularFunction.Delete))
{
return(false);
}
}
return(true);
}