Пример #1
        /// <summary>
        /// Builds a SQL predicate that is true when the value of the column
        /// <paramref name="columnName"/> occurs inside the string literal
        /// <paramref name="inStr"/>, using the substring function of the configured database.
        /// </summary>
        /// <param name="inStr">Text embedded as a quoted SQL literal after passing through <c>AttackUtils.FilterSql</c>.</param>
        /// <param name="columnName">Column expression placed into the SQL text exactly as given.</param>
        /// <returns>The predicate text, or an empty string when the database type is none of the four handled here.</returns>
        /// <remarks>
        /// SECURITY: the result is raw SQL assembled by interpolation, not a parameterized query.
        /// <paramref name="columnName"/> is neither quoted nor filtered in this method, so it must
        /// come from a fixed, trusted identifier and never from request data.
        /// NOTE(review): the safety of <paramref name="inStr"/> rests entirely on
        /// <c>AttackUtils.FilterSql</c>, whose implementation is not visible here; confirm it handles
        /// the quoting rules of every supported database, or bind the value as a parameter at the call site.
        /// </remarks>
        public static string GetInStrReverse(string inStr, string columnName)
        {
            var literal = AttackUtils.FilterSql(inStr);
            var dbType = WebConfigUtils.DatabaseType;

            // MySQL and Oracle share the same INSTR(haystack, needle) form.
            if (dbType == DatabaseType.MySql || dbType == DatabaseType.Oracle)
            {
                return $"INSTR('{literal}', {columnName}) > 0";
            }

            if (dbType == DatabaseType.SqlServer)
            {
                // CHARINDEX takes the needle first, then the haystack.
                return $"CHARINDEX({columnName}, '{literal}') > 0";
            }

            if (dbType == DatabaseType.PostgreSql)
            {
                return $"POSITION({columnName} IN '{literal}') > 0";
            }

            // Unhandled database type: no predicate is produced.
            return string.Empty;
        }
Пример #2
        /// <summary>
        /// Evaluates <paramref name="name"/> against <paramref name="dataItem"/> via <c>Eval</c> and
        /// returns the result as a string, passing non-empty text through
        /// <c>AttackUtils.UnFilterSql</c>.
        /// </summary>
        /// <param name="dataItem">Object handed to <c>Eval</c>.</param>
        /// <param name="name">Member or field name handed to <c>Eval</c>.</param>
        /// <returns>
        /// The converted text; an empty string when the evaluated value is null or empty, or when the
        /// database is Oracle and the text equals <c>OracleEmptyValue</c>.
        /// </returns>
        /// <remarks>
        /// SECURITY NOTE(review): <c>UnFilterSql</c> presumably reverses the SQL filtering applied on
        /// write (its implementation is not visible here; confirm). If so, the returned string is
        /// untrusted again: encode it for the output context before rendering it, and do not
        /// concatenate it back into SQL text.
        /// </remarks>
        public static string EvalString(object dataItem, string name)
        {
            var evaluated = Eval(dataItem, name);
            var text = evaluated?.ToString();

            if (string.IsNullOrEmpty(text))
            {
                text = string.Empty;
            }
            else
            {
                text = AttackUtils.UnFilterSql(text);
            }

            // On Oracle a placeholder value stands in for the empty string; map it back.
            var isOraclePlaceholder = WebConfigUtils.DatabaseType == DatabaseType.Oracle && text == OracleEmptyValue;
            return isOraclePlaceholder ? string.Empty : text;
        }
Пример #3
        /// <summary>
        /// Parses the query string of <paramref name="url"/> and returns its parameters with every
        /// value passed through <c>AttackUtils.FilterXss</c>.
        /// </summary>
        /// <param name="url">URL whose part after the first '?' is parsed.</param>
        /// <returns>
        /// A new collection of parameter names and filtered values; empty when
        /// <paramref name="url"/> is null, empty, or contains no '?'.
        /// </returns>
        /// <remarks>
        /// SECURITY: only the values are filtered. Parameter names are copied through unchanged, so
        /// code that writes the keys into a page must encode them itself.
        /// NOTE(review): <c>FilterXss</c> is not visible here; input filtering does not replace
        /// context-specific output encoding where the values are rendered. Confirm how callers emit them.
        /// </remarks>
        public static NameValueCollection GetQueryStringFilterXss(string url)
        {
            var filtered = new NameValueCollection();
            if (string.IsNullOrEmpty(url))
            {
                return filtered;
            }

            var markIndex = url.IndexOf("?", StringComparison.Ordinal);
            if (markIndex == -1)
            {
                return filtered;
            }

            // Everything after the first '?' is treated as the query string.
            var parsed = TranslateUtils.ToNameValueCollection(url.Substring(markIndex + 1));

            foreach (string paramName in parsed.Keys)
            {
                var rawValue = parsed[paramName];
                filtered[paramName] = AttackUtils.FilterXss(rawValue);
            }

            return filtered;
        }