今天太丢人了,别人都知道加上防sql注入的方法,唯有我没想到,数据赤裸裸的放进了数据库。（补充：下面这种按字符过滤/替换的"防注入"并不能真正阻止 SQL 注入——它既没处理单引号、分号和注释符，黑名单也永远不可能完整。根本办法是在数据层使用参数化查询（SqlCommand.Parameters / SqlParameter），把用户输入当参数传给数据库，而不是拼进 SQL 字符串。）



bll层的StringClear.cs文件

using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

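namespace sc.BLL
{
    /// <summary>
    /// Input-normalization helpers used by the BLL before a value is handed to the data layer.
    /// </summary>
    /// <remarks>
    /// SECURITY NOTE (review): despite its original "anti SQL injection" label,
    /// <see cref="InputString(string, int)"/> is a character blacklist. It never touches the single
    /// quote, the ampersand, the semicolon or the SQL comment sequences, and no blacklist is complete
    /// against SQL injection. The only reliable defence is to pass every user-supplied value to the
    /// database through a parameterized command (SqlCommand.Parameters); this class must not be
    /// relied on as a substitute for that. It is kept for the length bound and for compatibility
    /// with values already stored in the old, rewritten form.
    /// </remarks>
    public class StringClear
    {
        public StringClear()
        {
        }

        //
        //    Error message constants
        //
        /// <summary>Message shown when an input exceeds its allowed length and is truncated.</summary>
        public const String OverMax = "长度超过预定数值,将被截取。";

        // Anchored: the whole (trimmed) value must be a positive integer with no leading zero.
        // Compiled once instead of on every call.
        private static readonly Regex NumberPattern = new Regex(@"^[1-9]\d*$");

        // Same address grammar as the original, but anchored so that a value merely
        // *containing* an e-mail address no longer passes validation.
        private static readonly Regex EmailPattern =
            new Regex(@"^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$");

        /// <summary>
        /// Returns true when <paramref name="str"/>, after trimming, is a positive integer
        /// with no leading zero ("0" and "007" are rejected by the pattern, as in the original).
        /// </summary>
        /// <param name="str">Raw user input; null or empty yields false.</param>
        /// <returns>True if the trimmed input matches ^[1-9]\d*$.</returns>
        public static bool IsNum(string str)
        {
            // Validate the RAW input. The original first ran it through InputString, which silently
            // deletes '(' ')' '/' '\' and '<' - so "12(3" was reported as numeric - and it
            // dereferenced str.Length before any null check.
            if (str == null)
            {
                return false;
            }
            return NumberPattern.IsMatch(str.Trim());
        }

        /// <summary>
        /// Returns true when <paramref name="str"/> is a complete e-mail address and
        /// <paramref name="userName"/> is present.
        /// </summary>
        /// <param name="str">Candidate e-mail address; trimmed before matching.</param>
        /// <param name="userName">Must be non-null and non-empty; its content is not validated here.</param>
        /// <returns>True only when both conditions hold.</returns>
        public static bool checkInput(string str, string userName)
        {
            // Null inputs used to throw (str.Length) or slip through (null != "" is true for userName).
            if (str == null || String.IsNullOrEmpty(userName))
            {
                return false;
            }
            // Match the raw input and require the whole string to be the address. The original
            // regex was unanchored, so "junk a@b.cn" contained a match and was accepted.
            return EmailPattern.IsMatch(str.Trim());
        }

        /// <summary>
        /// Trims <paramref name="inputtext"/> and cuts it to at most <paramref name="maxl"/> characters.
        /// </summary>
        /// <param name="inputtext">Text to cut; null or empty yields "".</param>
        /// <param name="maxl">Maximum number of UTF-16 code units to keep; must not be negative.</param>
        /// <returns>The trimmed text, truncated to maxl characters.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// maxl is negative (the original surfaced the same exception from Substring).
        /// </exception>
        public static string CutString(string inputtext, int maxl)
        {
            if (String.IsNullOrEmpty(inputtext))
            {
                return "";
            }
            if (maxl < 0)
            {
                throw new ArgumentOutOfRangeException("maxl", "maxl must not be negative.");
            }
            string trimmed = inputtext.Trim();
            // Length counts UTF-16 code units, so a cut can split a surrogate pair; callers that
            // need character-safe truncation should handle that themselves.
            return trimmed.Length > maxl ? trimmed.Substring(0, maxl) : trimmed;
        }

        /// <summary>
        /// Trims, truncates to <paramref name="MaxLength"/> characters and then rewrites a fixed set
        /// of characters: '"' becomes &amp;quot;, '>' becomes &amp;gt;, and '&lt;' '(' ')' '/' '\'
        /// are deleted outright.
        /// </summary>
        /// <remarks>
        /// This is NOT SQL-injection protection, and it is not a complete HTML encoder either: the
        /// single quote, '&amp;', ';' and "--" pass straight through, and '&lt;' is dropped rather than
        /// encoded. Use parameterized queries for the database and a real HTML encoder for output.
        /// </remarks>
        /// <param name="inputText">Raw user input; null or empty yields "".</param>
        /// <param name="MaxLength">Maximum number of characters kept before the rewrite; must not be negative.</param>
        /// <returns>The normalized string.</returns>
        /// <exception cref="ArgumentOutOfRangeException">MaxLength is negative.</exception>
        public static string InputString(string inputText, int MaxLength)
        {
            if (String.IsNullOrEmpty(inputText))
            {
                return "";
            }
            if (MaxLength < 0)
            {
                throw new ArgumentOutOfRangeException("MaxLength", "MaxLength must not be negative.");
            }

            string text = inputText.Trim();
            // Bug fix: the original called text.Substring(0, MaxLength) and discarded the result,
            // so the length limit callers passed (e.g. 10 in the page's usage example) never applied.
            if (text.Length > MaxLength)
            {
                text = text.Substring(0, MaxLength);
            }

            StringBuilder retVal = new StringBuilder(text.Length);
            foreach (char c in text)
            {
                switch (c)
                {
                    case '"':
                        retVal.Append("&quot;");
                        break;
                    case '>':
                        retVal.Append("&gt;");
                        break;
                    case '<':
                    case ')':
                    case '(':
                    case '/':
                    case '\\':
                        // Dropped, not encoded, exactly as the original did (stored-data compatibility).
                        break;
                    default:
                        retVal.Append(c);
                        break;
                }
            }

            // NOTE(review): the published listing ended with a retVal.Replace(...) call whose
            // arguments were garbled in transit and cannot be recovered from the page; it is
            // omitted here - confirm against the repository before relying on this method.
            return retVal.ToString();
        }
    }
}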


在 text 的值上加 sc.BLL.StringClear.InputString(this.txtFaren.Text, 10); 进行了字符转换（Text 本身已经是 string，不需要再 .ToString()）。需要注意两点：原文的 InputString 把 Substring(0, MaxLength) 的返回值丢掉了，所以这里传入的 10 实际上并没有生效；而且这种字符替换只是替换了少数几个字符，单引号、分号等都原样通过，它并不能代替数据层的参数化查询。



posted on 2007-11-07 00:50  超少