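        /// <summary>
        /// Builds the search conditions for the simple (non-advanced) search from the posted form.
        /// Every non-empty field in <paramref name="keys"/> — except <c>report</c>, <c>订单状态</c> and
        /// the anti-forgery token — becomes a parameterised condition on <paramref name="init"/>:
        /// names containing <c>日期1</c>/<c>日期2</c> are a date range (lower bound, and an upper bound
        /// on the day after the posted date), everything else a <c>like '%value%'</c> filter.
        /// <c>订单状态</c> is expanded into an <c>in (...)</c> list with its own parameters.
        /// When <paramref name="sqlValue"/> has no <c>where</c> yet, the leading <c>and</c> of the
        /// generated text is rewritten to <c>where</c>.
        /// </summary>
        /// <param name="init">Query builder that receives the condition text and its parameters.</param>
        /// <param name="sqlValue">Base SQL text; used to resolve column expressions by form name and to detect an existing <c>where</c>.</param>
        /// <param name="keys">Form field names to inspect; each one is read back from <c>Request.Form</c>.</param>
        private void SimpleSqlInjectMethod(MYSQLInit init, string sqlValue, string[] keys)
        {
            #region Walk the form values (skipping report and order status)
            foreach (string name in keys)
            {
                if ("report" == name || "订单状态" == name || "__RequestVerificationToken" == name)
                {
                    continue;
                }

                // Read the posted value once per key instead of looking it up on every comparison.
                // An empty value produces no condition in any of the branches below.
                var raw = Request.Form[name];
                if (!raw.IsNotEmpty())
                {
                    continue;
                }

                // NOTE(review): the column expression is resolved from the client-supplied field name;
                // this assumes GetFieldSqlByName only returns expressions for known columns and never
                // echoes the raw name into the SQL text — confirm in the extension.
                if (name.Contains("日期1"))
                {
                    // "<field>日期1" is the start of a date range: drop the trailing digit to get the field name.
                    var field = sqlValue.GetFieldSqlByName(name.Substring(0, name.Length - 1));
                    init.And(field + ">", raw);
                }
                else if (name.Contains("日期2"))
                {
                    // End of the range: bound on the following day so the selected day itself is included.
                    // NOTE(review): DateTime.Parse is culture-dependent and throws FormatException on a
                    // malformed value — confirm that callers expect that rather than an ignored filter.
                    DateTime endTime = DateTime.Parse(raw).AddDays(1);
                    var dateStr = endTime.ToString("yyyy-MM-dd");
                    var field = sqlValue.GetFieldSqlByName(name.Substring(0, name.Length - 1));
                    init.And(field + "<", dateStr);
                }
                else
                {
                    var field = sqlValue.GetFieldSqlByName(name);
                    init.And(field + " like ", "%" + raw + "%");
                }
            }
            #endregion

            #region Order status -> "in (...)" list
            var statusRaw = Request.Form["订单状态"];
            if (statusRaw.IsNotEmpty())
            {
                var field = sqlValue.GetFieldSqlByName("订单状态");

                // Placeholder numbering starts at 500, presumably to stay clear of the numbers
                // init.And() hands out — confirm against MYSQLInit.
                var placeholders = new List<string>();
                int paraIndex = 500;
                foreach (var item in statusRaw.toStringArray())
                {
                    var paraName = "?Para" + paraIndex++;
                    placeholders.Add(paraName);
                    init.ParaList.Add(new MySqlParameter(paraName, item));
                }

                // Emit the clause only when there is at least one value: "in ()" is invalid SQL, and
                // trimming a trailing comma that was never written would have removed the "(" instead.
                if (placeholders.Count > 0)
                {
                    init.Builder.AppendFormat(" and {0} in ({1})", field, string.Join(",", placeholders));
                }
            }
            #endregion

            // No where clause in the base SQL yet: turn the first generated " and " into " where ".
            if (sqlValue.IndexOf("where", StringComparison.OrdinalIgnoreCase) < 0 && init.Builder.Length > 0)
            {
                var conditions = init.Builder.ToString();
                int andIndex = conditions.IndexOf("and", StringComparison.OrdinalIgnoreCase);
                if (andIndex > -1)
                {
                    // NOTE(review): this matches the first "and" anywhere in the text (e.g. inside a
                    // column name such as "brand"); it relies on every condition starting with " and ".
                    init.Builder.Remove(andIndex, 3).Insert(0, " where ");
                }
            }
        }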
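        /// <summary>
        /// Builds parameterised conditions for the advanced-search text inputs (the SQL-injection-safe path).
        /// Each entry of <paramref name="dic"/> is keyed by a CLR type name and carries a <see cref="FormValue"/>:
        /// dates become a range (<c>&gt;</c> value and/or <c>&lt;</c> maxDataTime), strings become
        /// <c>like '%value%'</c>, and numbers use the supplied operator or fall back to <c>like</c>.
        /// When <paramref name="sqlValue"/> has no <c>where</c> yet, the leading <c>and</c> of the
        /// generated text is rewritten to <c>where</c>.
        /// <autor>郑万庚</autor>
        /// </summary>
        /// <param name="sqlValue">Base SQL text; used to resolve column expressions and to detect an existing <c>where</c>.</param>
        /// <param name="dic">Form values keyed by the CLR type name of the field (for example <c>System.String</c>).</param>
        /// <param name="init">Query builder that receives the condition text and its parameters.</param>
        private void SqlInjectMethod(string sqlValue, Dictionary <string, FormValue> dic, MYSQLInit init)
        {
            // CLR type names handled as numeric. Duplicates removed; "System.Int" is not a real type
            // name but is kept so the accepted key set is unchanged.
            string[] numericTypes = { "System.Single", "System.Double", "System.SByte", "System.Int32", "System.Int64", "System.UInt64", "System.Int16", "System.Int", "System.Decimal" };
            const string stringType = "System.String";
            const string dateType   = "System.DateTime";

            foreach (KeyValuePair <string, FormValue> item in dic)
            {
                string    key       = item.Key;
                FormValue formValue = item.Value;

                #region Date
                if (key.Contains(dateType))
                {
                    // DateExit appears to mean "a lower bound was posted" and SecondData "an upper bound
                    // was posted" — inferred from usage, confirm against FormValue.
                    if (formValue.DateExit || formValue.SecondData)
                    {
                        var sqlField = sqlValue.GetFieldSqlByName(formValue.name);
                        if (formValue.DateExit)
                        {
                            init.And(sqlField + " >", formValue.value);
                        }
                        if (formValue.SecondData)
                        {
                            init.And(sqlField + " <", formValue.maxDataTime);
                        }
                    }
                    continue;
                }
                #endregion

                #region String
                if (key.Contains(stringType))
                {
                    if (formValue.DateExit)
                    {
                        var sqlField = sqlValue.GetFieldSqlByName(formValue.name);
                        init.And(sqlField + " like", "%" + formValue.value + "%");
                    }
                    continue;
                }
                #endregion

                #region Number
                if (numericTypes.InArray(key))
                {
                    if (formValue.DateExit)
                    {
                        var sqlField = sqlValue.GetFieldSqlByName(formValue.name);
                        if (formValue.operatorstr.IsNotEmpty())
                        {
                            // NOTE(review): operatorstr is concatenated into the SQL text, not passed as a
                            // parameter. If it can originate from the client it must be restricted to a fixed
                            // set of comparison operators before it reaches this point — confirm where it is set.
                            init.And(sqlField + formValue.operatorstr, formValue.value);
                        }
                        else
                        {
                            init.And(sqlField + " like", "%" + formValue.value + "%");
                        }
                    }
                    continue;
                }
                #endregion
            }

            // No where clause in the base SQL yet: turn the first generated " and " into " where ".
            if (sqlValue.IndexOf("where", StringComparison.OrdinalIgnoreCase) < 0 && init.Builder.Length > 0)
            {
                var conditions = init.Builder.ToString();
                int andIndex = conditions.IndexOf("and", StringComparison.OrdinalIgnoreCase);
                if (andIndex > -1)
                {
                    // NOTE(review): this matches the first "and" anywhere in the text (e.g. inside a
                    // column name such as "brand"); it relies on every condition starting with " and ".
                    init.Builder.Remove(andIndex, 3).Insert(0, " where ");
                }
            }
        }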