/// <summary>
/// Checks whether a single parameter value passed to a stored-procedure call is flagged as an injection risk.
/// </summary>
/// <param name="dm">The command the value belongs to; only commands whose <see cref="DbCommand.CommandType"/> is <see cref="CommandType.StoredProcedure"/> are inspected.</param>
/// <param name="val">The parameter value to inspect; only <see cref="string"/> values are checked, everything else (including null and <see cref="DBNull"/>) is accepted as-is.</param>
/// <returns>
/// <c>true</c> when the check is enabled, the command is a stored-procedure call, and the string value is rejected by
/// <c>SqlInjectionReject.CheckMssqlParameter</c>; <c>false</c> in every other case.
/// </returns>
/// <remarks>
/// The value is handed to the provider as a parameter, not concatenated into SQL text here, so this check presumably
/// exists as defense in depth for procedures that build dynamic SQL from their arguments — confirm against SqlInjectionReject.
/// </remarks>
private bool CheckInjectAttackForSp(DbCommand dm, object val)
{
    // CheckStoredProcedurePara is a class-level switch; when it is off nothing is flagged.
    if (!CheckStoredProcedurePara || dm == null)
    {
        return false;
    }

    if (dm.CommandType != CommandType.StoredProcedure)
    {
        return false;
    }

    // null, DBNull and any non-string value all fall through to null here and are not inspected.
    string text = val as string;
    if (text == null)
    {
        return false;
    }

    // A rejected value is reported as an attack; an accepted one is not.
    return !SqlInjectionReject.CheckMssqlParameter(text);
}
/// <summary>
/// Checks every parameter of a stored-procedure command for values flagged as an injection risk.
/// </summary>
/// <param name="dm">The command to inspect; only commands whose <see cref="DbCommand.CommandType"/> is <see cref="CommandType.StoredProcedure"/> are examined.</param>
/// <returns>
/// <c>true</c> as soon as one <see cref="string"/>-valued parameter is rejected by <c>SqlInjectionReject.CheckMssqlParameter</c>;
/// <c>false</c> when the check is disabled, the command is null or not a stored-procedure call, there are no parameters,
/// or every string parameter passes. Null, <see cref="DBNull"/> and non-string parameter values are skipped.
/// </returns>
/// <remarks>
/// Parameters are bound by the provider rather than concatenated into SQL text here, so this presumably serves as
/// defense in depth for procedures that build dynamic SQL internally — confirm against SqlInjectionReject.
/// </remarks>
private bool CheckInjectAttackForSp(DbCommand dm)
{
    // CheckStoredProcedurePara is a class-level switch; when it is off nothing is flagged.
    if (!CheckStoredProcedurePara || dm == null)
    {
        return false;
    }

    if (dm.CommandType != CommandType.StoredProcedure || dm.Parameters.Count == 0)
    {
        return false;
    }

    // Parameters are visited in collection order; the first rejected string value ends the scan.
    foreach (DbParameter parameter in dm.Parameters)
    {
        string text = parameter.Value as string;
        if (text == null)
        {
            // null, DBNull and non-string values are not inspected.
            continue;
        }

        if (!SqlInjectionReject.CheckMssqlParameter(text))
        {
            return true;
        }
    }

    return false;
}