防止sql注入统一验证

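// Pipe-delimited keyword list. A request value is rejected only when the whole trimmed
// value equals one of these entries; the surrounding pipes make the match whole-entry.
static string str = "|add|and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join|";
    /// <summary>
    /// Coarse request filter: returns <c>false</c> when any submitted value is, on its own,
    /// one of the keywords in <c>str</c>, or when the HTTP method is neither POST nor GET.
    /// </summary>
    /// <remarks>
    /// This check is not a defence against SQL injection by itself. It compares each
    /// whole value against the keyword list and does not look inside longer values, so
    /// every query that uses request data must still be parameterized at the database call.
    /// Treat this method as defence in depth only.
    /// NOTE(review): a POST is checked through its form fields only; its query string is
    /// not inspected here. Confirm whether callers rely on that.
    /// </remarks>
    /// <returns>
    /// <c>true</c> when no inspected value matches a keyword; otherwise <c>false</c>.
    /// </returns>
    public static bool DataVerify()
    {
        var request = HttpContext.Current.Request;
        string method = request.RequestType;

        // Ordinal, case-insensitive comparison keeps the method check independent of the
        // server's current culture.
        if (string.Equals(method, "post", System.StringComparison.OrdinalIgnoreCase))
        {
            return !HasBlockedValue(request.Form);
        }

        if (string.Equals(method, "get", System.StringComparison.OrdinalIgnoreCase))
        {
            return !HasBlockedValue(request.QueryString);
        }

        // Any other HTTP method is rejected, as before.
        return false;
    }

    /// <summary>
    /// Returns <c>true</c> when at least one value in <paramref name="values"/> equals,
    /// ignoring case and surrounding whitespace, an entry of the keyword list.
    /// </summary>
    private static bool HasBlockedValue(System.Collections.Specialized.NameValueCollection values)
    {
        for (int i = 0; i < values.Count; i++)
        {
            string value = values[i];
            if (value == null)
            {
                // A key without a value has nothing to compare; the original code
                // dereferenced it and threw here.
                continue;
            }

            // The list is lower-case, so the comparison must ignore case; otherwise an
            // upper- or mixed-case keyword would not be recognised.
            if (str.IndexOf("|" + value.Trim() + "|", System.StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }

        return false;
    }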
