时间:2016-02-16 01:23 来源: 我爱IT技术网 作者:佚名
欢迎您访问我爱IT技术网,今天小编为你分享的编程技术是:【asp.net下检测SQL注入式攻击代码】,下面是详细的讲解!
asp.net下检测SQL注入式攻击代码
using System;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
namespace Common
{
/// <summary>
/// 页面数据校验类
/// </summary>
public class PageValidate
{
private static Regex RegNumber=new Regex("^[0-9]+$");
private static Regex RegNumberSign=new Regex("^[+-]?[0-9]+$");
private static Regex RegDecimal=new Regex("^[0-9]+[.]?[0-9]+$");
private static Regex RegDecimalSign=new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等价于^[+-]?\d+[.]?\d+$
private static Regex RegEmail=new Regex("^[\\w-]+@[\\w-]+\\.(com|net|org|edu|mil|tv|biz|info)$");//w 英文字母或数字的字符串,和 [a-zA-Z0-9] 语法一样
private static Regex RegCHZN=new Regex("[\u4e00-\u9fa5]");
public PageValidate()
{
}
#region 数字字符串检查
/// <summary>
/// 检查Request查询字符串的键值,是否是数字,最大长度限制
/// </summary>
/// <param name="req">Request</param>
/// <param name="inputKey">Request的键值</param>
/// <param name="maxLen">最大长度</param>
/// <returns>返回Request查询字符串</returns>
public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen)
{
string retVal=string.Empty;
if(inputKey !=null && inputKey !=string.Empty)
{
retVal=req.QueryString[inputKey];
if(null==retVal)
retVal=req.Form[inputKey];
if(null !=retVal)
{
retVal=SqlText(retVal, maxLen);
if(!IsNumber(retVal))
retVal=string.Empty;
}
}
if(retVal==null)
retVal=string.Empty;
return retVal;
}
/// <summary>
/// 是否数字字符串
/// </summary>
/// <param name="inputData">输入字符串</param>
/// <returns></returns>
public static bool IsNumber(string inputData)
{
Match m=RegNumber.Match(inputData);
return m.Success;
}
/// <summary>
/// 是否数字字符串 可带正负号
/// </summary>
/// <param name="inputData">输入字符串</param>
/// <returns></returns>
public static bool IsNumberSign(string inputData)
{
Match m=RegNumberSign.Match(inputData);
return m.Success;
}
/// <summary>
/// 是否是浮点数
/// </summary>
/// <param name="inputData">输入字符串</param>
/// <returns></returns>
public static bool IsDecimal(string inputData)
{
Match m=RegDecimal.Match(inputData);
return m.Success;
}
/// <summary>
/// 是否是浮点数 可带正负号
/// </summary>
/// <param name="inputData">输入字符串</param>
/// <returns></returns>
public static bool IsDecimalSign(string inputData)
{
Match m=RegDecimalSign.Match(inputData);
return m.Success;
}
#endregion
#region 中文检测
/// <summary>
/// 检测是否有中文字符
/// </summary>
/// <param name="inputData"></param>
/// <returns></returns>
public static bool IsHasCHZN(string inputData)
{
Match m=RegCHZN.Match(inputData);
return m.Success;
}
#endregion
#region 邮件地址
/// <summary>
/// 是否是浮点数 可带正负号
/// </summary>
/// <param name="inputData">输入字符串</param>
/// <returns></returns>
public static bool IsEmail(string inputData)
{
Match m=RegEmail.Match(inputData);
return m.Success;
}
#endregion
#region 其他
/// <summary>
/// 检查字符串最大长度,返回指定长度的串
/// </summary>
/// <param name="sqlInput">输入字符串</param>
/// <param name="maxLength">最大长度</param>
/// <returns></returns>
public static string SqlText(string sqlInput, int maxLength)
{
if(sqlInput !=null && sqlInput !=string.Empty)
{
sqlInput=sqlInput.Trim();
if(sqlInput.Length > maxLength)//按最大长度截取字符串
sqlInput=sqlInput.Substring(0, maxLength);
}
return sqlInput;
}
/// <summary>
/// 字符串编码
/// </summary>
/// <param name="inputData"></param>
/// <returns></returns>
public static string HtmlEncode(string inputData)
{
return HttpUtility.HtmlEncode(inputData);
}
/// <summary>
/// 设置Label显示Encode的字符串
/// </summary>
/// <param name="lbl"></param>
/// <param name="txtInput"></param>
public static void SetLabel(Label lbl, string txtInput)
{
lbl.Text=HtmlEncode(txtInput);
}
public static void SetLabel(Label lbl, object inputObj)
{
SetLabel(lbl, inputObj.ToString());
}
//字符串清理
public static string InputText(string inputString, int maxLength)
{
StringBuilder retVal=new StringBuilder();
// 检查是否为空
if ((inputString !=null) && (inputString !=String.Empty))
{
inputString=inputString.Trim();
//检查长度
if (inputString.Length > maxLength)
inputString=inputString.Substring(0, maxLength);
//替换危险字符
for (int i=0; i < inputString.Length; i++)
{
switch (inputString[i])
{
case '"':
retVal.Append(""");
break;
case '<':
retVal.Append("<");
break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append(inputString[i]);
break;
}
}
retVal.Replace("'", " ");// 替换单引号
}
return retVal.ToString();
}
/// <summary>
/// 转换成 HTML code
/// </summary>
/// <param name="str">string</param>
/// <returns>string</returns>
public static string Encode(string str)
{
str=str.Replace("&","&");
str=str.Replace("'","''");
str=str.Replace("\"",""");
str=str.Replace(" "," ");
str=str.Replace("<","<");
str=str.Replace(">",">");
str=str.Replace("\n","<br>");
return str;
}
/// <summary>
///解析html成 普通文本
/// </summary>
/// <param name="str">string</param>
/// <returns>string</returns>
public static string Decode(string str)
{
str=str.Replace("<br>","\n");
str=str.Replace(">",">");
str=str.Replace("<","<");
str=str.Replace(" "," ");
str=str.Replace(""","\"");
return str;
}
#endregion
}
}
关于asp.net下检测SQL注入式攻击代码的用户互动如下:
相关问题:
答: >>详细
相关问题:
答: >>详细
相关问题:
答: >>详细
- 【asp】asp.net url重写浅谈-net-url重写
- 【DataSet】DataSet、DataTable、DataRow区别详解
- 【asp】asp.net 动态添加多个用户控件-net-动态添
- 【ASP】ASP.NET中内嵌页面代码的一个问题-NET-内
- 【As】Asp.net中的页面乱码的问题-sp--pn-ne-et
- 【增加记录】asp.net中获取新增加记录的ID Access
- 【创建】ASP.NET Web API教程 创建域模型的方法详
- 【Asp】Asp.net 页面调用javascript变量的值-net-
- 【ASP】ASP.NET 5升级后如何删除旧版本的DNX-NET5
- 【404页面】ASP.NET设置404页面返回302HTTP状态码
- 评论列表(网友评论仅供网友表达个人看法,并不表明本站同意其观点或证实其描述)
-