Esempio n. 1
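        /// <summary>
        /// Screens a single parameter for SQL statement keywords (anti SQL-injection check)
        /// and, when it passes, escapes it in place.
        /// </summary>
        /// <remarks>
        /// This is a keyword deny-list followed by quote/backslash doubling. It is a
        /// defence-in-depth measure only: a deny-list can reject legitimate text that merely
        /// contains a keyword and does not replace parameterized queries, which should be
        /// used wherever the value reaches a SQL command.
        /// </remarks>
        /// <param name="value">
        /// The string to check. When the check passes, it is overwritten with a copy in which
        /// every backslash and every single quote is doubled. Null or empty input is left as is.
        /// </param>
        /// <returns>
        /// <c>true</c> if the value is null/empty or none of the keyword checks matched;
        /// <c>false</c> as soon as one check matches (the value is then left unmodified).
        /// </returns>
        public static bool CheckPara(ref string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return true;
            }

            // Upper-case with the invariant culture: the culture-sensitive ToUpper() maps
            // 'i' to a dotted capital under Turkish/Azeri cultures, so "insert" would not
            // become "INSERT" and could slip past a check written for upper-case keywords.
            // NOTE(review): assumes Regular matches upper-case ASCII keywords - confirm in Regular.
            var rg = new Regular(value.ToUpperInvariant());

            // Checked in the same order as before; the first match rejects the value.
            var blockedStatements = new[]
            {
                RegularFunction.Insert,
                RegularFunction.Update,
                RegularFunction.Select,
                RegularFunction.Alter,
                RegularFunction.Drop,
                RegularFunction.Create,
                RegularFunction.Delete,
            };

            foreach (var statement in blockedStatements)
            {
                if (rg.CheckRegularFun(statement))
                {
                    return false;
                }
            }

            // Doubles backslashes and single quotes. Whether backslash is an escape character
            // depends on the database dialect and its settings, which are not visible here;
            // do not rely on this instead of bound parameters.
            value = value.Replace("\\", "\\\\").Replace("'", "''");
            return true;
        }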
Esempio n. 2
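 /// <summary>
 /// Screens every parameter of a POST or GET request for SQL statement keywords.
 /// </summary>
 /// <remarks>
 /// This is a keyword deny-list only; unlike the single-string overload it does not
 /// escape anything and the collection is not modified. It can reject legitimate text
 /// that contains a keyword and is not a substitute for parameterized queries.
 /// </remarks>
 /// <param name="formParams">The request parameters to check. Must not be null.</param>
 /// <returns>
 /// <c>true</c> if no parameter value matched any keyword check; <c>false</c> as soon
 /// as one value matches.
 /// </returns>
 public static bool CheckPara(NameValueCollection formParams)
 {
     // Checked in the same order as before; the first match rejects the request.
     var blockedStatements = new[]
     {
         RegularFunction.Insert,
         RegularFunction.Update,
         RegularFunction.Select,
         RegularFunction.Alter,
         RegularFunction.Drop,
         RegularFunction.Create,
         RegularFunction.Delete,
     };

     // Enumerating a NameValueCollection yields its keys.
     foreach (string para in formParams)
     {
         // The indexer returns null for a key that has no value; calling ToUpper() on it
         // used to throw NullReferenceException. A missing or empty value has nothing to
         // scan, so it passes, as in the single-string overload.
         string raw = formParams[para];
         if (string.IsNullOrEmpty(raw))
         {
             continue;
         }

         // Invariant upper-casing: the culture-sensitive ToUpper() maps 'i' to a dotted
         // capital under Turkish/Azeri cultures, so "insert" would not become "INSERT".
         // NOTE(review): assumes Regular matches upper-case ASCII keywords - confirm in Regular.
         var rg = new Regular(raw.ToUpperInvariant());

         foreach (var statement in blockedStatements)
         {
             if (rg.CheckRegularFun(statement))
             {
                 return false;
             }
         }
     }

     return true;
 }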