ASP.NET用Global.asax 的Application_BeginRequest事件过滤恶意提交

程序员文章站 2022-06-23 16:30:34

protected void application_beginrequest(object sender, eventargs e) { &nbs...

protected void application_beginrequest(object sender, eventargs e)
    {
        //遍历post参数，隐藏域除外
        foreach (string i in this.request.form)
        {
            if (i == "__viewstate") continue;
            this.goerr(this.request.form[i].tostring());
        }
        //遍历get参数。
        foreach (string i in this.request.querystring)
        {
            this.goerr(this.request.querystring[i].tostring());
        }
    }
    private void goerr(string tm)
    {
        if (sqlfilter2(tm))
        {
            response.redirect("p404.html");
            response.end();
        }
    }
    public static bool sqlfilter2(string intext)
    {
        string word = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join";
        if (intext == null)
            return false;
        foreach (string i in word.split('|'))
        {
            if ((intext.tolower().indexof(i + " ") > -1) || (intext.tolower().indexof(" " + i) > -1))
            {
                return true;
            }
        }
        return false;
    }

摘自 bql_email的专栏

上一篇：三星再见！高通7nm骁龙855芯片将交由台积电代工

下一篇：泰国清明适合去哪里玩泰国适合清明游玩的地方