调试易

#region SQL注入式攻击代码分析
        /// <summary> 
        /// 处理用户提交的请求 
        /// </summary> 
        private void StartProcessRequest()
        {
            try
            {
                string getkeys = "";                if (System.Web.HttpContext.Current.Request.QueryString != null)
                {                    for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
                    {
                        getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
                        {
                            System.Web.HttpContext.Current.Response.Write("<h3>不能包含执行语句</h3>");
                            System.Web.HttpContext.Current.Response.End();
                        }
                    }
                }
                if (System.Web.HttpContext.Current.Request.Form != null)
                {
                    for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
                    {
                        getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
                        if (getkeys == "__VIEWSTATE") continue;
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
                        {
                            jcFAQApp.FAQ_Util.Log.WriteMessage("<font color:red>注入攻击</red>", System.Web.HttpContext.Current.Request.UserHostAddress.ToString());
                            System.Web.HttpContext.Current.Response.Write("<h3>不能包含执行语句</h3>");
                            System.Web.HttpContext.Current.Response.End();
                        }
                    }
                }
            }
            catch
            {            }
        }
        /// <summary> 
        /// 分析用户请求是否正常 
        /// </summary> 
        /// <param name="Str">传入用户提交数据 </param> 
        /// <returns>返回是否含有SQL注入式攻击代码 </returns> 
        private bool ProcessSqlStr(string Str)
        {
            bool ReturnValue = true;
            try
            {
                if (Str.Trim() != "")
                {
                    //string SqlStr = "and ¦exec ¦insert ¦select ¦delete ¦update ¦count ¦* ¦chr ¦mid ¦master ¦truncate ¦char ¦declare";
                    string SqlStr = "exec ¦insert ¦select ¦delete ¦update ¦mid ¦master ¦truncate ¦declare";
                    string[] anySqlStr = SqlStr.Split('¦');
                    foreach (string ss in anySqlStr)
                    {
                        if (Str.ToLower().IndexOf(ss) >= 0)
                        {
                            ReturnValue = false;
                            break;
                        }
                    }
                }
            }
            catch
            {
                ReturnValue = false;
            }
            return ReturnValue;
        }
        #endregion
jcFAQApp这个是什么意思,老报错。怎么解决。。望高手给菜鸟小弟我解决