public void ProcessRequest(HttpContext context) { try { string formData = context.Request.Form["Form"]; if (string.IsNullOrEmpty(formData)) { SyncResponse response = new SyncResponse(); response.Success = false; response.ErrorMsg = "没有找到相应的数据包!"; response.RequestID = ""; response.Data = null; context.Response.Write(JsonHelper.EncodeJson(response)); context.Response.End(); return; } SyncForm form = JsonHelper.DecodeJson <SyncForm>(formData); if (form == null) { SyncResponse response = new SyncResponse(); response.Success = false; response.ErrorMsg = "没有找到相应的数据包!"; response.RequestID = ""; response.Data = null; context.Response.Write(JsonHelper.EncodeJson(response)); context.Response.End(); return; } string serviceID = form.SKEY; if (string.IsNullOrEmpty(serviceID)) { SyncResponse response = new SyncResponse(); response.Success = false; response.ErrorMsg = "没有指定处理方法!"; response.RequestID = form.RID; response.Data = null; context.Response.Write(JsonHelper.EncodeJson(response)); context.Response.End(); return; } else { Type objType = Type.GetType("Kingsun.SmarterClassroom.BLL." + serviceID.Trim() + ",Kingsun.SmarterClassroom.BLL"); if (objType != null) { string package = form.Pack; string returnStr = null; if (String.IsNullOrEmpty(package)) { //返回错误信息 returnStr = SyncResponse.GetErrorResponseString("无法找到参数包"); } else { SyncRequest request = SyncRequest.DecodeRequest(package); if (request == null) { returnStr = SyncResponse.GetErrorResponseString("参数包解析失败"); } else { BaseImplement obj = Activator.CreateInstance(objType) as BaseImplement; SyncResponse response; if (obj != null) { try { if ((request.Data != null) && (request.Data != String.Empty)) { //验证传递参数是否存在SQL攻击嫌疑 //true - 有注入, false - 没有注入 bool result = Utils.filterSql(request.Data); if (result) { response = SyncResponse.GetErrorResponse("有SQL攻击嫌疑,请停止操作。"); } else { response = obj.ProcessRequest(request); } //response = obj.ProcessRequest(request); } else { response = SyncResponse.GetErrorResponse("无法获取参数,请联系管理员。"); } } catch (Exception ex) { response = SyncResponse.GetErrorResponse("服务接口内部错误,请联系管理员。" + ex.Message, request); } } else { response = SyncResponse.GetErrorResponse("无法实例化服务接口!", request); } returnStr = JsonHelper.EncodeJson(response); } } context.Response.Write(returnStr); } else { SyncResponse response = new SyncResponse(); response.Success = false; response.ErrorMsg = "无法确定处理程序!"; response.RequestID = form.RID; response.Data = null; context.Response.Write(JsonHelper.EncodeJson(response)); context.Response.End(); } } } catch { SyncResponse response = new SyncResponse(); response.Success = false; response.ErrorMsg = "后台处理异常。"; response.RequestID = ""; response.Data = null; context.Response.Write(JsonHelper.EncodeJson(response)); context.Response.End(); } }