我调用CheckStringFilterSql总提示“并非所有代码路径都有返回值”!这个要怎么解决啊。
/// <summary>
/// Checks the login user name against the list of dangerous SQL keywords.
/// </summary>
/// <param name="inputstring">The login user name to check.</param>
/// <returns>
/// As written, true only when the input equals the first keyword in the list;
/// see the notes in the body.
/// </returns>
public bool CheckStringFilterSql(string inputstring)
{
// This is the method the compiler rejects with "not all code paths return a value":
// every return sits inside the loop body, and nothing follows the loop.
// NOTE(review): a keyword deny-list does not make string-built SQL safe; if this
// value reaches a query, bind it as a command parameter.
for (int i = 1; i < stringList().Length; i++)
{
// Exact, case-sensitive equality: only an input that IS a keyword matches.
// stringList() already returns strings, so ToString() adds nothing.
if (inputstring == stringList()[i].ToString())
{
return true;
}
else
{
// Returning here ends the loop on its first pass, so only stringList()[1] is compared.
return false;
}
}
}
/// <summary>
/// Builds the list of SQL keywords and stored-procedure names that the filter treats as dangerous.
/// </summary>
/// <returns>
/// A new 21-element array on every call; index 0 is null and the names occupy indexes 1 through 20.
/// </returns>
private string[] stringList()
{
    // Slot 0 stays null so the names keep the 1-based positions the callers in this listing scan from.
    return new string[]
    {
        null,
        "select",
        "update",
        "delete",
        "xp_cmdshell",
        "xp_dirtree",
        "xp_fileexist",
        "xp_terminate_process",
        "sp_oamethod",
        "sp_oacreate",
        "xp_regaddmultistring",
        "xp_regdeletekey",
        "xp_regdeletevalue",
        "xp_regenumkeys",
        "xp_regenumvalues",
        "sp_add_job",
        "sp_addtask",
        "xp_regread",
        "xp_regwrite",
        "xp_readwebtask",
        "xp_makewebtask",
    };
}
/// <summary>
/// Checks the login user name against the list of dangerous SQL keywords.
/// </summary>
/// <param name="inputstring">The login user name to check.</param>
/// <returns>
/// As written, true only when the input equals the first keyword in the list;
/// see the notes in the body.
/// </returns>
public bool CheckStringFilterSql(string inputstring)
{
// Does not compile ("not all code paths return a value"): both returns are inside
// the loop body and no return follows the loop.
// NOTE(review): filtering keywords is not a substitute for binding this value as a
// command parameter wherever it reaches a query.
for (int i = 1; i < stringList().Length; i++)
{
// Case-sensitive equality against one keyword, not a substring search.
if (inputstring == stringList()[i].ToString())
{
return true;
}
else
{
// This branch returns on the first pass, so the remaining keywords are never compared.
return false;
}
}
}
/// <summary>
/// Defines the SQL keywords and stored-procedure names that the filter treats as dangerous.
/// </summary>
/// <returns>
/// A freshly allocated array whose index 0 is null and whose indexes 1 through 20 hold the names.
/// </returns>
private string[] stringList()
{
    string[] names =
    {
        "select",
        "update",
        "delete",
        "xp_cmdshell",
        "xp_dirtree",
        "xp_fileexist",
        "xp_terminate_process",
        "sp_oamethod",
        "sp_oacreate",
        "xp_regaddmultistring",
        "xp_regdeletekey",
        "xp_regdeletevalue",
        "xp_regenumkeys",
        "xp_regenumvalues",
        "sp_add_job",
        "sp_addtask",
        "xp_regread",
        "xp_regwrite",
        "xp_readwebtask",
        "xp_makewebtask",
    };

    // One extra leading slot: the names are shifted to start at index 1 and index 0 stays null.
    string[] slots = new string[names.Length + 1];
    names.CopyTo(slots, 1);
    return slots;
}
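/// <summary>
/// Reports whether the login user name contains one of the dangerous SQL keywords.
/// </summary>
/// <param name="inputstring">The login user name to check; null or empty yields false.</param>
/// <returns>true when any keyword occurs anywhere in the input, ignoring case; otherwise false.</returns>
/// <remarks>
/// A keyword deny-list is a secondary check. The value should still reach the database
/// as a command parameter rather than as part of concatenated SQL text.
/// </remarks>
public bool CheckStringFilterSql(string inputstring)
{
    if (string.IsNullOrEmpty(inputstring))
    {
        return false;
    }

    // Fetch the list once; calling stringList() in the loop condition and body rebuilt it on every pass.
    string[] keywords = stringList();
    foreach (string keyword in keywords)
    {
        // The list leaves index 0 unset, so skip empty slots instead of relying on a start index.
        if (string.IsNullOrEmpty(keyword))
        {
            continue;
        }

        // Substring match, ignoring case: the earlier equality test only flagged an input
        // that was exactly one keyword, which is not what "contains" means.
        if (inputstring.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}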
// Method body quoted from the question: both returns sit inside the loop body,
// so no return statement is reached when the loop runs zero times.
{
for (int i = 1; i < stringList().Length; i++)
{
if (inputstring == stringList()[i].ToString())
{
return true;
}
else
{
// Ends the loop on the first pass; later keywords are never compared.
return false;
}
}
}
如果stringList().Length小于等于1的话,循环将永不执行,
这样CheckStringFilterSql方法就不会有返回值了。
应该在for循环后加上 return 语句。另外,循环里的 else { return false; } 会在第一次比较不相等时直接返回,后面的关键字不会被检查。
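/// <summary>
/// Reports whether the input contains one of the dangerous SQL keywords, ignoring case.
/// </summary>
/// <param name="inputString">The text to scan; null or empty yields false.</param>
/// <returns>true when the input contains a dangerous SQL keyword; otherwise false.</returns>
/// <remarks>
/// A keyword deny-list is a secondary check. The value should still reach the database
/// as a command parameter rather than as part of concatenated SQL text.
/// </remarks>
public bool ContainsIllegalString(string inputString)
{
    // Previously a null argument failed inside ToLower(); treat it as "nothing to flag".
    if (string.IsNullOrEmpty(inputString))
    {
        return false;
    }

    foreach (string keyword in GetIllegalStringList())
    {
        // Ordinal, case-insensitive comparison. ToLower() follows the current culture, and
        // under some cultures an upper-case letter does not map to its ASCII lower-case
        // form, so an upper-case keyword could go undetected.
        if (inputString.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}
/// <returns>The dangerous SQL keywords.</returns>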
/// <summary>
/// Returns the dangerous SQL keywords, building the array on first use and keeping it in m_IllegalStrings.
/// </summary>
private string[] GetIllegalStringList()
{
    // Already built by an earlier call: hand back the stored array.
    if (m_IllegalStrings != null)
    {
        return m_IllegalStrings;
    }

    string[] keywords =
    {
        "select",
        "update",
        "delete",
        "xp_cmdshell",
        "xp_dirtree",
        "xp_fileexist",
        "xp_terminate_process",
        "sp_oamethod",
        "sp_oacreate",
        "xp_regaddmultistring",
        "xp_regdeletekey",
        "xp_regdeletevalue",
        "xp_regenumkeys",
        "xp_regenumvalues",
        "sp_add_job",
        "sp_addtask",
        "xp_regread",
        "xp_regwrite",
        "xp_readwebtask",
        "xp_makewebtask",
    };

    m_IllegalStrings = keywords;
    return m_IllegalStrings;
}
// Storage for the keyword array built by GetIllegalStringList(); null until that method fills it.
private string[] m_IllegalStrings;