/// <summary>
/// Decodes a query-string value and, when <paramref name="safe"/> is set,
/// discards values that fail the project's SQL-safety filter.
/// </summary>
/// <param name="str">Raw query-string text to decode.</param>
/// <param name="safe">When true, a decoded value that fails <c>Utils.IsSafeSqlString</c> yields <see cref="string.Empty"/>.</param>
/// <returns>The decoded string, or an empty string when the safety check is enabled and fails.</returns>
public static String GetQueryEncodeString(string str, bool safe)
{
    string decoded = GetQueryEncodeString(str);
    if (!safe)
    {
        return decoded;
    }
    // The filter is a pre-check only; it complements, not replaces, parameterized SQL downstream.
    return Utils.IsSafeSqlString(decoded) ? decoded : string.Empty;
}
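/// <summary>
/// Gets the value of the named form field from the current request.
/// </summary>
/// <param name="strName">Form field name.</param>
/// <param name="sqlSafeCheck">Whether to run the SQL-safety filter (<c>Utils.IsSafeSqlString</c>) on the value.</param>
/// <returns>
/// The field value; an empty string when the field is absent; the literal
/// <c>"unsafe string"</c> when the check is enabled and the value fails it.
/// </returns>
public static string GetFormString(string strName, bool sqlSafeCheck)
{
    // Read the field once instead of querying the form collection three times.
    string formValue = HttpContext.Current.Request.Form[strName];
    if (formValue == null)
    {
        return "";
    }
    // The "unsafe string" sentinel is part of the existing contract and callers may
    // depend on it, so it is kept. The filter is a blocklist-style pre-check only;
    // any SQL built from this value must still use parameterized queries.
    if (sqlSafeCheck && !Utils.IsSafeSqlString(formValue))
    {
        return "unsafe string";
    }
    return formValue;
}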