在Global.asax文件中加入如下方法即可:#region SQL注入式攻击代码分析
/// <summary>
/// 处理用户提交的请求
/// </summary>
private void StartProcessRequest()
{
try
{
string getkeys = ""; if (System.Web.HttpContext.Current.Request.QueryString != null)
{ for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
{
System.Web.HttpContext.Current.Response.Write("<h3>不能包含执行语句</h3>");
System.Web.HttpContext.Current.Response.End();
}
}
}
if (System.Web.HttpContext.Current.Request.Form != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
if (getkeys == "__VIEWSTATE") continue;
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
{
jcFAQApp.FAQ_Util.Log.WriteMessage("<font color:red>注入攻击</red>", System.Web.HttpContext.Current.Request.UserHostAddress.ToString());
System.Web.HttpContext.Current.Response.Write("<h3>不能包含执行语句</h3>");
System.Web.HttpContext.Current.Response.End();
}
}
}
}
catch
{ }
}
/// <summary>
/// 分析用户请求是否正常
/// </summary>
/// <param name="Str">传入用户提交数据 </param>
/// <returns>返回是否含有SQL注入式攻击代码 </returns>
private bool ProcessSqlStr(string Str)
{
bool ReturnValue = true;
try
{
if (Str.Trim() != "")
{
//string SqlStr = "and |exec |insert |select |delete |update |count |* |chr |mid |master |truncate |char |declare";
string SqlStr = "exec |insert |select |delete |update |mid |master |truncate |declare";
string[] anySqlStr = SqlStr.Split('|');
foreach (string ss in anySqlStr)
{
if (Str.ToLower().IndexOf(ss) >= 0)
{
ReturnValue = false;
break;
}
}
}
}
catch
{
ReturnValue = false;
}
return ReturnValue;
}
#endregion
http://topic.csdn.net/u/20090708/09/b78444ee-9081-4ff7-8aa5-ba6f9b1d9fdc.html
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货