这类文件是Kaersoft_Forum里的一个HTML标签处理文件。现在我想加上过滤SQL关键字的功能：如果发现有，则自动 Response.Redirect("error.aspx") 转向。现在的问题是我在这个文件里根本没办法使用 Response.Redirect("error.aspx")，该用的命名空间我都用上了，可还是不行:( using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Text.RegularExpressions;namespace uclub
{
/// <summary>
/// Converts user input for storage and display: HTML encoding of special characters,
/// line breaks, a SQL-token blacklist and a small BBCode-to-HTML translation.
/// </summary>
public sealed class ConvertString
{
/// <summary>
/// Converts a user-supplied string into output-safe text: HTML-encodes special
/// characters, expands tabs and turns carriage returns into line breaks.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>The converted string. A null input throws NullReferenceException on the first Replace.</returns>
public static string ConvertStr(string inputString)
{
string retVal=inputString;
// NOTE(review): as rendered on this page several replacements map a character to itself
// (e.g. "&" -> "&"), which is a no-op; the page has presumably HTML-decoded the original
// entity literals (&amp;, &quot;, &lt;, &gt;, &nbsp;) — confirm against the repository.
// The ampersand is handled first, presumably so the entities produced afterwards are not re-escaped.
retVal=retVal.Replace("&","&");
retVal=retVal.Replace("\"",""");
retVal=retVal.Replace("<","<");
retVal=retVal.Replace(">",">");
retVal=retVal.Replace(" "," ");
retVal=retVal.Replace(" "," ");
retVal=retVal.Replace("\t"," ");
// Only "\r" becomes a line break; a bare "\n" is left untouched.
retVal=retVal.Replace("\r", "<br>");
return retVal;
}
/// <summary>
/// Produces plain display text: runs <see cref="ConvertStr"/> and then strips the
/// [flash] markup, keeping only the URL text inside it.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>The converted string with [flash] tags removed.</returns>
public static string OutputText(string inputString)
{
string retVal=inputString;
retVal= ConvertStr(retVal);
// NOTE(review): the next four Replace calls are damaged by the page rendering (a truncated
// literal and empty search strings — string.Replace throws ArgumentException for an empty
// oldValue); the real search/replace pairs must be taken from the repository.
retVal=retVal.Replace("
retVal=retVal.Replace("">", "");
retVal=retVal.Replace("", "");
retVal=retVal.Replace("", "");
// [flash=W,H]url[/flash] -> url ("x" is the only group, so it is $1).
retVal= Regex.Replace(retVal,@"\[flash=\d+,\d+](?<x>[^\]]*)\[/flash]",@"$1",RegexOptions.IgnoreCase);
retVal=retVal.Replace("[flash]", "");
retVal=retVal.Replace("[/flash]", "");
return retVal;
}
/// <summary>
/// Scans the input for a blacklist of SQL-related tokens; returns the sentinel
/// "jf_error" when one is found, otherwise the input ("0" for null).
/// </summary>
/// <param name="inputString">String entered by the user; null is mapped to "0".</param>
/// <returns>"jf_error" if a blacklisted token occurs, otherwise the input.</returns>
/// <remarks>
/// A keyword blacklist does not replace parameterised queries (OleDbCommand.Parameters):
/// it only reduces the risk, and it also rejects legitimate text containing "@" or "_"
/// (e-mail addresses, identifiers).
/// </remarks>
public static string FilterSql(string inputString)
{
string retVal=inputString;
if (retVal==null)
{
retVal="0";
}
// Comma-separated blacklist; the first element is the apostrophe.
string strFilter="',;,//,--,@,_,exec,declare,create";
string[] x=Regex.Split(strFilter,",");
// NOTE(review): the loop starts at 1, so x[0] — the apostrophe — is never checked;
// and IndexOf(string) is culture-sensitive and case-sensitive, so "EXEC" or "Declare" pass.
// Starting at 0 and using StringComparison.OrdinalIgnoreCase closes both gaps.
for (int i=1;i<x.Length;i++)
{
if(retVal.ToString().IndexOf(x[i].ToString())>-1)
{
// Sentinel the caller is expected to compare against.
retVal="jf_error";
break;
}
}
return retVal;
}
/// <summary>
/// Converts user input for HTML output: runs <see cref="ConvertStr"/> and then
/// translates the [flash] BBCode into an embed element and an image/link pattern
/// (whose regex is lost in this rendering) into an anchor wrapping an img.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>HTML with the BBCode tags rendered as elements.</returns>
public static string ToUrl(string inputString)
{
string retVal=inputString;
retVal= ConvertStr(retVal);
// NOTE(review): this pattern was truncated by the page rendering; take it from the repository.
retVal= Regex.Replace(retVal,@"\
// Only named groups, so they are numbered in order: width=1, height=2, x=3 — "$3" is the URL.
retVal= Regex.Replace(retVal,@"\[flash=(?<width>\d+),(?<height>\d+)](?<x>[^\]]*)\[/flash]",@"<embed src=""$3"" width=""${width}"" height=""${height}""></embed>",RegexOptions.IgnoreCase);
retVal= Regex.Replace(retVal,@"\[flash](?<x>[^\]]*)\[/flash]",@"<embed src=""$1""></embed>",RegexOptions.IgnoreCase);
// NOTE(review): the pattern @"\" is also damaged by the rendering (a lone backslash is an invalid regex).
// The captured URL "$1" is user input placed straight into href/src: ConvertStr's quote encoding
// (if it really emits &quot;) keeps it inside the attribute, but the URL scheme is not checked —
// consider accepting only http:// and https:// before rendering.
return Regex.Replace(retVal,@"\",@"<a href=""$1"" target=""_blank""><img src=""$1"" onload=""javascript:if(this.width>screen.width-220)this.width=screen.width-220"" border=1></a>",RegexOptions.IgnoreCase);
}
}
}
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Text.RegularExpressions;namespace uclub
{
/// <summary>
/// Converts user input for storage and display: HTML encoding of special characters,
/// line breaks, a SQL-token blacklist and a small BBCode-to-HTML translation.
/// </summary>
public sealed class ConvertString
{
/// <summary>
/// Converts a user-supplied string into output-safe text: HTML-encodes special
/// characters, expands tabs and turns carriage returns into line breaks.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>The converted string. A null input throws NullReferenceException on the first Replace.</returns>
public static string ConvertStr(string inputString)
{
string retVal=inputString;
// NOTE(review): as rendered on this page several replacements map a character to itself
// (e.g. "&" -> "&"), which is a no-op; the page has presumably HTML-decoded the original
// entity literals (&amp;, &quot;, &lt;, &gt;, &nbsp;) — confirm against the repository.
// The ampersand is handled first, presumably so the entities produced afterwards are not re-escaped.
retVal=retVal.Replace("&","&");
retVal=retVal.Replace("\"",""");
retVal=retVal.Replace("<","<");
retVal=retVal.Replace(">",">");
retVal=retVal.Replace(" "," ");
retVal=retVal.Replace(" "," ");
retVal=retVal.Replace("\t"," ");
// Only "\r" becomes a line break; a bare "\n" is left untouched.
retVal=retVal.Replace("\r", "<br>");
return retVal;
}
/// <summary>
/// Produces plain display text: runs <see cref="ConvertStr"/> and then strips the
/// [flash] markup, keeping only the URL text inside it.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>The converted string with [flash] tags removed.</returns>
public static string OutputText(string inputString)
{
string retVal=inputString;
retVal= ConvertStr(retVal);
// NOTE(review): the next four Replace calls are damaged by the page rendering (a truncated
// literal and empty search strings — string.Replace throws ArgumentException for an empty
// oldValue); the real search/replace pairs must be taken from the repository.
retVal=retVal.Replace("
retVal=retVal.Replace("">", "");
retVal=retVal.Replace("", "");
retVal=retVal.Replace("", "");
// [flash=W,H]url[/flash] -> url ("x" is the only group, so it is $1).
retVal= Regex.Replace(retVal,@"\[flash=\d+,\d+](?<x>[^\]]*)\[/flash]",@"$1",RegexOptions.IgnoreCase);
retVal=retVal.Replace("[flash]", "");
retVal=retVal.Replace("[/flash]", "");
return retVal;
}
/// <summary>
/// Scans the input for a blacklist of SQL-related tokens; returns the sentinel
/// "jf_error" when one is found, otherwise the input ("0" for null).
/// </summary>
/// <param name="inputString">String entered by the user; null is mapped to "0".</param>
/// <returns>"jf_error" if a blacklisted token occurs, otherwise the input.</returns>
/// <remarks>
/// A keyword blacklist does not replace parameterised queries (OleDbCommand.Parameters):
/// it only reduces the risk, and it also rejects legitimate text containing "@" or "_"
/// (e-mail addresses, identifiers).
/// </remarks>
public static string FilterSql(string inputString)
{
string retVal=inputString;
if (retVal==null)
{
retVal="0";
}
// Comma-separated blacklist; the first element is the apostrophe.
string strFilter="',;,//,--,@,_,exec,declare,create";
string[] x=Regex.Split(strFilter,",");
// NOTE(review): the loop starts at 1, so x[0] — the apostrophe — is never checked;
// and IndexOf(string) is culture-sensitive and case-sensitive, so "EXEC" or "Declare" pass.
// Starting at 0 and using StringComparison.OrdinalIgnoreCase closes both gaps.
for (int i=1;i<x.Length;i++)
{
if(retVal.ToString().IndexOf(x[i].ToString())>-1)
{
// Sentinel the caller is expected to compare against.
retVal="jf_error";
break;
}
}
return retVal;
}
/// <summary>
/// Converts user input for HTML output: runs <see cref="ConvertStr"/> and then
/// translates the [flash] BBCode into an embed element and an image/link pattern
/// (whose regex is lost in this rendering) into an anchor wrapping an img.
/// </summary>
/// <param name="inputString">String entered by the user.</param>
/// <returns>HTML with the BBCode tags rendered as elements.</returns>
public static string ToUrl(string inputString)
{
string retVal=inputString;
retVal= ConvertStr(retVal);
// NOTE(review): this pattern was truncated by the page rendering; take it from the repository.
retVal= Regex.Replace(retVal,@"\
// Only named groups, so they are numbered in order: width=1, height=2, x=3 — "$3" is the URL.
retVal= Regex.Replace(retVal,@"\[flash=(?<width>\d+),(?<height>\d+)](?<x>[^\]]*)\[/flash]",@"<embed src=""$3"" width=""${width}"" height=""${height}""></embed>",RegexOptions.IgnoreCase);
retVal= Regex.Replace(retVal,@"\[flash](?<x>[^\]]*)\[/flash]",@"<embed src=""$1""></embed>",RegexOptions.IgnoreCase);
// NOTE(review): the pattern @"\" is also damaged by the rendering (a lone backslash is an invalid regex).
// The captured URL "$1" is user input placed straight into href/src: ConvertStr's quote encoding
// (if it really emits &quot;) keeps it inside the attribute, but the URL scheme is not checked —
// consider accepting only http:// and https:// before rendering.
return Regex.Replace(retVal,@"\",@"<a href=""$1"" target=""_blank""><img src=""$1"" onload=""javascript:if(this.width>screen.width-220)this.width=screen.width-220"" border=1></a>",RegexOptions.IgnoreCase);
}
}
}
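/// <summary>
/// Scans user input for a fixed list of SQL-related tokens and returns the
/// sentinel "jf_error" when one is found, otherwise the input unchanged.
/// </summary>
/// <param name="inputString">Raw user input; null is treated as "0".</param>
/// <returns>"jf_error" when a filtered token is present, otherwise the input ("0" for null).</returns>
/// <remarks>
/// This helper lives in a plain utility class (ConvertString), not in a Page, so there is
/// no Response property in scope — that is why the Response.Redirect("error.aspx") call did
/// not compile here. Keep the filter pure and let the calling page compare the result with
/// "jf_error" and redirect itself; if the redirect really has to happen inside this class,
/// the request-scoped handle is HttpContext.Current.Response (from System.Web).
/// A keyword blacklist is not a substitute for parameterised queries (OleDbCommand.Parameters):
/// it only reduces injection risk, and it also rejects legitimate text containing "@" or "_".
/// </remarks>
public static string FilterSql(string inputString)
{
string retVal = inputString ?? "0";
// The apostrophe is the first token; iterating from index 0 (the original started at 1)
// ensures it is actually checked.
string[] tokens = "',;,//,--,@,_,exec,declare,create".Split(',');
foreach (string token in tokens)
{
// Ordinal and case-insensitive so "EXEC" / "Declare" are caught like their lowercase forms.
if (retVal.IndexOf(token, StringComparison.OrdinalIgnoreCase) > -1)
{
// Sentinel the calling page compares against before deciding to redirect.
return "jf_error";
}
}
return retVal;
}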