Application_BeginRequest事件过滤恶意提交 (filtering malicious submissions in the Application_BeginRequest event — a keyword blacklist that is easy to bypass and produces false positives; treat it as defense-in-depth only, never as a substitute for parameterized queries)
Global.asax
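// Keyword blacklist consulted by SqlFilter2, split once at type load instead of on
// every request. This is a heuristic, not a SQL parser: it cannot see through SQL
// comments (/**/), parentheses or encodings, it misses keywords that are not listed
// (e.g. "union"), and it rejects ordinary text such as "rock and roll". It is
// defense-in-depth only; the real control is parameterized queries in the
// data-access code.
private static readonly string[] SqlKeywords =
    "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join".Split('|');

/// <summary>
/// Scans every POST field (except the view state) and every query-string
/// parameter of the incoming request for blacklisted SQL keywords and redirects
/// the request to the 404 page on the first hit.
/// </summary>
/// <param name="sender">The HttpApplication raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): Request.Form is read here, before any handler runs, so the whole
/// form body is buffered on every request and, on ASP.NET 4.x, request
/// validation is triggered regardless of page-level ValidateRequest settings —
/// confirm this is acceptable for this application.
/// </remarks>
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // POST parameters. __VIEWSTATE is base64 page state rather than user text
    // and is skipped; everything else is scanned.
    foreach (string key in this.Request.Form)
    {
        if (key == "__VIEWSTATE")
        {
            continue;
        }
        if (this.goErr(this.Request.Form[key]))
        {
            return; // redirect already issued; do not touch the response again
        }
    }

    // GET parameters.
    foreach (string key in this.Request.QueryString)
    {
        if (this.goErr(this.Request.QueryString[key]))
        {
            return;
        }
    }
}

/// <summary>
/// Redirects the current request to the 404 page when <paramref name="tm"/>
/// contains a blacklisted SQL keyword.
/// </summary>
/// <param name="tm">A single request parameter value; may be null.</param>
/// <returns>
/// true if the request was redirected and the caller must stop processing it;
/// false if the value passed the filter.
/// </returns>
private bool goErr(string tm)
{
    if (!SqlFilter2(tm))
    {
        return false;
    }

    // "~/" anchors the redirect at the application root. A bare "p404.html" is
    // resolved by the browser against the current request's directory, so a hit
    // on /sub/page.aspx would have sent the client to /sub/p404.html. Assumes
    // p404.html sits next to Global.asax — confirm.
    //
    // endResponse:false + CompleteRequest() ends the pipeline without the
    // ThreadAbortException that Response.End()/Redirect(url) throw; the trailing
    // Response.End() in the original was unreachable for that reason.
    //
    // NOTE(review): a silent 302 to a 200 page hides the block from logs and
    // monitoring; consider logging the rejected value and returning 400 instead.
    this.Response.Redirect("~/p404.html", false);
    this.CompleteRequest();
    return true;
}

/// <summary>
/// Returns true when <paramref name="InText"/> contains one of the blacklisted
/// SQL keywords immediately preceded or followed by a whitespace character.
/// </summary>
/// <param name="InText">Raw parameter value; null or empty is treated as clean.</param>
/// <returns>true if a delimited keyword was found, otherwise false.</returns>
/// <remarks>
/// Matching is ordinal and case-insensitive; the original lowered the text with
/// the current culture, which mis-folds e.g. "INSERT" under tr-TR and let it
/// through. Any whitespace character counts as a delimiter, not just U+0020, so
/// "select\tx" and "1\nor\n1=1" are now caught. Substring semantics are kept for
/// compatibility: "band " still matches "and". See the note on SqlKeywords for
/// what this check cannot do.
/// </remarks>
public static bool SqlFilter2(string InText)
{
    if (string.IsNullOrEmpty(InText))
    {
        return false;
    }

    foreach (string keyword in SqlKeywords)
    {
        int at = InText.IndexOf(keyword, StringComparison.OrdinalIgnoreCase);
        while (at >= 0)
        {
            bool delimitedBefore = at > 0 && char.IsWhiteSpace(InText[at - 1]);
            int end = at + keyword.Length;
            bool delimitedAfter = end < InText.Length && char.IsWhiteSpace(InText[end]);
            if (delimitedBefore || delimitedAfter)
            {
                return true;
            }
            at = InText.IndexOf(keyword, at + 1, StringComparison.OrdinalIgnoreCase);
        }
    }
    return false;
}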