ASP.NET method instance parsing to prevent SQL injection

Y2J
Release: 2017-04-25 13:59:40
Original
1800 people have browsed it

I recently took over a project from someone else and found that there was a SQL injection vulnerability. Since I didn’t want to change too many codes, I didn’t need to use the parameter method to prevent injection. We can only use the traditional stupid method.

1. Create a new Global.asax file.

2. Add the following code:

void Application_BeginRequest(object sender, EventArgs e)
{
    bool result = false;
    if (Request.RequestType.ToUpper() == "POST")
    {
       //post方式的我就不写了。
    }
    else
    {
      result = ValidUrlGetData();
    }
    if (result)
    {
      Response.Write("您提交的数据有恶意字符!");
      Response.End();
    }
}
/// <summary>
/// 获取QueryString中的数据
/// </summary>
public static bool ValidUrlGetData()
{
    bool result = false;
    for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
    {
      result = Validate(HttpContext.Current.Request.QueryString[i].ToString());
      if (result)
      {
        break;
      }//如果检测存在漏洞
    }
    return result;
}
public static string []strs = new string[] {"select","drop","exists","exec","insert","delete","update","and","or","user" };//此处我随便加了几个,大家可以多加点哈。
public static bool Validate(string str)
{
    for (int i = 0; i < strs.Length; i++)
    {
      if (str.IndexOf(strs[i]) != -1)
      {
        return true;
        break;
      }
    }
    return false;
}
Copy after login

The above is the detailed content of ASP.NET method instance parsing to prevent SQL injection. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!