/// <summary>
/// Builds a SQL boolean fragment that is true when the value of <paramref name="columnName"/>
/// occurs somewhere inside the literal text <paramref name="inStr"/> — the reverse of the
/// usual "column contains value" test (column is the needle, <paramref name="inStr"/> the haystack).
/// </summary>
/// <param name="inStr">
/// Text to search within. It is passed through <c>AttackUtils.FilterSql</c> and then embedded
/// in the fragment as a single-quoted literal.
/// </param>
/// <param name="columnName">Column expression to look for; embedded verbatim, without any filtering.</param>
/// <returns>
/// A dialect-specific fragment for the current <c>WebConfigUtils.DatabaseType</c>
/// (MySql and Oracle use <c>INSTR</c>, SqlServer <c>CHARINDEX</c>, PostgreSql <c>POSITION</c>),
/// or an empty string for any other dialect.
/// </returns>
/// <remarks>
/// NOTE(review): the fragment is assembled by string interpolation, not parameterised.
/// Whether a quote or comment sequence in <paramref name="inStr"/> can break out of the literal
/// depends entirely on what <c>AttackUtils.FilterSql</c> strips or escapes (not visible here —
/// confirm it covers every dialect this method emits). <paramref name="columnName"/> receives no
/// filtering at all, so it must only ever be a trusted identifier, never request-derived input.
/// </remarks>
public static string GetInStrReverse(string inStr, string columnName)
{
    // Filtering happens before the dialect check, so it runs even when no fragment is produced.
    var haystack = AttackUtils.FilterSql(inStr);
    var dialect = WebConfigUtils.DatabaseType;

    // MySql and Oracle share the same INSTR(string, substring) argument order.
    if (dialect == DatabaseType.MySql || dialect == DatabaseType.Oracle)
    {
        return $"INSTR('{haystack}', {columnName}) > 0";
    }

    if (dialect == DatabaseType.SqlServer)
    {
        // CHARINDEX(expressionToFind, expressionToSearch)
        return $"CHARINDEX({columnName}, '{haystack}') > 0";
    }

    if (dialect == DatabaseType.PostgreSql)
    {
        // POSITION(substring IN string)
        return $"POSITION({columnName} IN '{haystack}') > 0";
    }

    // Unknown dialect: callers get an empty fragment rather than an exception.
    return string.Empty;
}
/// <summary>
/// Evaluates <paramref name="name"/> against <paramref name="dataItem"/> via <c>Eval</c> and
/// returns the result as a string, with the SQL filtering applied on write reversed.
/// </summary>
/// <param name="dataItem">Object the named member is read from; passed straight to <c>Eval</c>.</param>
/// <param name="name">Member/expression name handed to <c>Eval</c>.</param>
/// <returns>
/// The evaluated value as text after <c>AttackUtils.UnFilterSql</c>; an empty string when
/// <c>Eval</c> yields null, an empty string, or (on Oracle only) the <c>OracleEmptyValue</c> marker.
/// </returns>
/// <remarks>
/// NOTE(review): <c>UnFilterSql</c> presumably restores whatever <c>FilterSql</c> escaped on
/// the way into the database — confirm against <c>AttackUtils</c>. If so, the returned text
/// is the original user-supplied content and must still be encoded for the output context
/// (HTML, attribute, JavaScript) by whoever renders it.
/// </remarks>
public static string EvalString(object dataItem, string name)
{
    var rawText = Eval(dataItem, name)?.ToString();

    // Nothing to un-filter; the Oracle marker check below cannot change an empty result either.
    if (string.IsNullOrEmpty(rawText))
    {
        return string.Empty;
    }

    var text = AttackUtils.UnFilterSql(rawText);

    // Oracle stores empty strings as NULL, so a sentinel is written instead and mapped back here.
    var isOracleEmptyMarker = WebConfigUtils.DatabaseType == DatabaseType.Oracle
                              && text == OracleEmptyValue;

    return isOracleEmptyMarker ? string.Empty : text;
}
/// <summary>
/// Extracts the query string of <paramref name="url"/> and returns its parameters with every
/// value passed through <c>AttackUtils.FilterXss</c>.
/// </summary>
/// <param name="url">Full URL or any string containing a <c>?</c>; may be null or empty.</param>
/// <returns>
/// A new <see cref="NameValueCollection"/> holding the parsed parameters with filtered values.
/// Empty when <paramref name="url"/> is null/empty or contains no <c>?</c>.
/// </returns>
/// <remarks>
/// Only the values are filtered; keys are copied verbatim, so they should not be echoed into
/// markup without their own encoding. Everything after the first <c>?</c> is handed to
/// <c>TranslateUtils.ToNameValueCollection</c> as-is, including any <c>#fragment</c> that may
/// follow the query — NOTE(review): confirm that helper strips or tolerates it.
/// </remarks>
public static NameValueCollection GetQueryStringFilterXss(string url)
{
    var filtered = new NameValueCollection();

    if (string.IsNullOrEmpty(url))
    {
        return filtered;
    }

    var queryStart = url.IndexOf("?", StringComparison.Ordinal);
    if (queryStart == -1)
    {
        return filtered;
    }

    var rawParameters = TranslateUtils.ToNameValueCollection(url.Substring(queryStart + 1));

    // AllKeys yields each distinct key once, matching the Keys enumeration of the original.
    foreach (var key in rawParameters.AllKeys)
    {
        filtered[key] = AttackUtils.FilterXss(rawParameters[key]);
    }

    return filtered;
}