{"id":1240,"date":"2010-08-15T11:24:10","date_gmt":"2010-08-15T03:24:10","guid":{"rendered":"http:\/\/blog.jixin.ntxz.net\/?p=1240"},"modified":"2010-08-15T11:24:10","modified_gmt":"2010-08-15T03:24:10","slug":"asp-net%e9%98%bb%e6%ad%a2sql%e6%b3%a8%e5%85%a5","status":"publish","type":"post","link":"http:\/\/www.ntxz.net\/?p=1240","title":{"rendered":"ASP.NET\u963b\u6b62SQL\u6ce8\u5165"},"content":{"rendered":"

\u4e00\uff0c\u9a8c\u8bc1\u65b9\u6cd5<\/p>\n

\/\/\/ <\/p>\n

\n \/\/\/SQL\u6ce8\u5165\u8fc7\u6ee4
\n \/\/\/ <\/summary>\n

\/\/\/ \u8981\u8fc7\u6ee4\u7684\u5b57\u7b26\u4e32<\/param>\n \/\/\/ \u5982\u679c\u53c2\u6570\u5b58\u5728\u4e0d\u5b89\u5168\u5b57\u7b26\uff0c\u5219\u8fd4\u56detrue<\/returns>
\n public static bool SqlFilter2(string InText)
\n {
\n string word=”and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join”;
\n if(InText==null)
\n return false;
\n foreach(string i in word.Split(‘|’))
\n {
\n if((InText.ToLower().IndexOf(i+” “)>-1)||(InText.ToLower().IndexOf(” “+i)>-1))
\n {
\n return true;
\n }
\n }
\n return false;
\n }<\/p>\n

\u4e8c\uff0cGlobal.asax \u4e8b\u4ef6<\/p>\n

\/\/\/ <\/p>\n

\n \/\/\/ \u5f53\u6709\u6570\u636e\u65f6\u4ea4\u65f6\uff0c\u89e6\u53d1\u4e8b\u4ef6
\n \/\/\/ <\/summary>\n

\/\/\/ <\/param>\n \/\/\/ <\/param>\n protected void Application_BeginRequest(Object sender, EventArgs e)
\n {
\n \/\/\u904d\u5386Post\u53c2\u6570\uff0c\u9690\u85cf\u57df\u9664\u5916
\n foreach(string i in this.Request.Form)
\n {
\n if(i==”__VIEWSTATE”)continue;
\n this.goErr(this.Request.Form.ToString());
\n }
\n \/\/\u904d\u5386Get\u53c2\u6570\u3002
\n foreach(string i in this.Request.QueryString)
\n {
\n this.goErr(this.Request.QueryString[i].ToString());
\n }
\n }<\/p>\n

\u4e09\uff0cGlobal\u4e2d\u7684\u4e00\u4e2a\u65b9\u6cd5<\/p>\n

\/\/\/ <\/p>\n

\n \/\/\/ \u6821\u9a8c\u53c2\u6570\u662f\u5426\u5b58\u5728SQL\u5b57\u7b26
\n \/\/\/ <\/summary>\n

\/\/\/ <\/param>\n private void goErr(string tm)
\n {
\n if(WLCW.Extend.CValidity.SqlFilter2(tm))
\n this.Response.Redirect(“\/error.html”);
\n }<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4e00\uff0c\u9a8c\u8bc1\u65b9\u6cd5 \/\/\/ \/\/\/SQL\u6ce8\u5165\u8fc7\u6ee4 \/\/\/ \/\/\/ \u8981\u8fc7\u6ee4\u7684\u5b57\u7b26\u4e32 \/\/\/ \u5982\u679c\u53c2\u6570\u5b58\u5728\u4e0d\u5b89\u5168\u5b57\u7b26\uff0c\u5219 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[115,116,117],"class_list":["post-1240","post","type-post","status-publish","format-standard","hentry","category-dotnet","category-fromnetwork","tag-asp-net","tag-sql","tag-117"],"views":453,"_links":{"self":[{"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/posts\/1240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1240"}],"version-history":[{"count":2,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/posts\/1240\/revisions"}],"predecessor-version":[{"id":1242,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=\/wp\/v2\/posts\/1240\/revisions\/1242"}],"wp:attachment":[{"href":"http:\/\/www.ntxz.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1240"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.ntxz.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}