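/// <summary>
/// Screens a single request parameter for SQL keywords and, when it passes, escapes it in place.
/// </summary>
/// <remarks>
/// This is a keyword denylist (via <c>Regular</c>/<c>RegularFunction</c>) plus doubling of
/// <c>\</c> and <c>'</c>. Treat it as defence in depth only: a denylist cannot cover every
/// injection form, and the escaping is specific to one quoting style, so values bound into
/// SQL should still be passed as query parameters rather than concatenated.
/// </remarks>
/// <param name="value">
/// The string to check. Null or empty passes untouched. On success the value is rewritten
/// with every <c>\</c> doubled and every <c>'</c> doubled; on failure it is left unchanged.
/// </param>
/// <returns><c>true</c> if no blocked keyword was detected; otherwise <c>false</c>.</returns>
public static bool CheckPara(ref string value)
{
    // Nothing to screen or escape.
    if (string.IsNullOrEmpty(value))
    {
        return true;
    }

    // ToUpperInvariant rather than ToUpper: culture-specific casing (e.g. the Turkish
    // dotted/dotless i) can fold letters differently from the invariant culture and make a
    // keyword comparison miss, so the check must not depend on the thread's culture.
    var rg = new Regular(value.ToUpperInvariant());

    // Keyword classes that cause the value to be rejected; order is irrelevant.
    RegularFunction[] blockedFunctions =
    {
        RegularFunction.Insert,
        RegularFunction.Update,
        RegularFunction.Select,
        RegularFunction.Alter,
        RegularFunction.Drop,
        RegularFunction.Create,
        RegularFunction.Delete,
    };
    foreach (var fn in blockedFunctions)
    {
        if (rg.CheckRegularFun(fn))
        {
            return false;
        }
    }

    // Neither replacement produces the other character, so the order is not significant.
    value = value.Replace("\\", "\\\\").Replace("'", "''");
    return true;
}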
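/// <summary>
/// Screens every value in a form or query-string collection for SQL keywords.
/// </summary>
/// <remarks>
/// Unlike the <c>ref string</c> overload, this method only inspects; it does not escape or
/// rewrite any value. It is a keyword denylist and therefore defence in depth only — values
/// bound into SQL should still be passed as query parameters.
/// </remarks>
/// <param name="formParams">The POST or GET parameters to check. Null or empty values are skipped.</param>
/// <returns><c>true</c> if no value contains a blocked keyword; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="formParams"/> is null.</exception>
public static bool CheckPara(NameValueCollection formParams)
{
    if (formParams == null)
    {
        throw new ArgumentNullException("formParams");
    }

    // Keyword classes that cause a value to be rejected; order is irrelevant.
    RegularFunction[] blockedFunctions =
    {
        RegularFunction.Insert,
        RegularFunction.Update,
        RegularFunction.Select,
        RegularFunction.Alter,
        RegularFunction.Drop,
        RegularFunction.Create,
        RegularFunction.Delete,
    };

    // Enumerating a NameValueCollection yields its keys; the indexer joins multiple
    // values for the same key and returns null when the key has no value.
    foreach (string para in formParams)
    {
        var raw = formParams[para];

        // A null value would otherwise throw on ToUpper; an empty one carries nothing to
        // screen (matches the ref-string overload, which passes null/empty through).
        if (string.IsNullOrEmpty(raw))
        {
            continue;
        }

        // Invariant casing so the keyword match does not depend on the thread's culture.
        var rg = new Regular(raw.ToUpperInvariant());
        foreach (var fn in blockedFunctions)
        {
            if (rg.CheckRegularFun(fn))
            {
                return false;
            }
        }
    }

    return true;
}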