asp.net下检测SQL注入式攻击代码

两个类:
(页面数据校验类)PageValidate.cs 基本通用。
代码如下:

复制代码 代码如下:


using System;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;

namespace Common
{
    /// <summary>
    /// 页面数据校验类
    /// </summary>
    public class PageValidate
    {
        private static Regex RegNumber = new Regex("^[0-9]+$");
        private static Regex RegNumberSign = new Regex("^[+-]?[0-9]+$");
        private static Regex RegDecimal = new Regex("^[0-9]+[.]?[0-9]+$");
        private static Regex RegDecimalSign = new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等价于^[+-]?\d+[.]?\d+$
        private static Regex RegEmail = new Regex("^[\\w-]+@[\\w-]+\\.(com|net|org|edu|mil|tv|biz|info)$");//w 英文字母或数字的字符串,和 [a-zA-Z0-9] 语法一样
        private static Regex RegCHZN = new Regex("[\u4e00-\u9fa5]");

        public PageValidate()
        {
        }


        #region 数字字符串检查        

        /// <summary>
        /// 检查Request查询字符串的键值,是否是数字,最大长度限制
        /// </summary>
        /// <param>Request</param>
        /// <param>Request的键值</param>
        /// <param>最大长度</param>
        /// <returns>返回Request查询字符串</returns>
        public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen)
        {
            string retVal = string.Empty;
            if(inputKey != null && inputKey != string.Empty)
            {
                retVal = req.QueryString[inputKey];
                if(null == retVal)
                    retVal = req.Form[inputKey];
                if(null != retVal)
                {
                    retVal = SqlText(retVal, maxLen);
                    if(!IsNumber(retVal))
                        retVal = string.Empty;
                }
            }
            if(retVal == null)
                retVal = string.Empty;
            return retVal;
        }        
        /// <summary>
        /// 是否数字字符串
        /// </summary>
        /// <param>输入字符串</param>
        /// <returns></returns>
        public static bool IsNumber(string inputData)
        {
            Match m = RegNumber.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否数字字符串 可带正负号
        /// </summary>
        /// <param>输入字符串</param>
        /// <returns></returns>
        public static bool IsNumberSign(string inputData)
        {
            Match m = RegNumberSign.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否是浮点数
        /// </summary>
        /// <param>输入字符串</param>
        /// <returns></returns>
        public static bool IsDecimal(string inputData)
        {
            Match m = RegDecimal.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否是浮点数 可带正负号
        /// </summary>
        /// <param>输入字符串</param>
        /// <returns></returns>
        public static bool IsDecimalSign(string inputData)
        {
            Match m = RegDecimalSign.Match(inputData);
            return m.Success;
        }        

        #endregion

        #region 中文检测

        /// <summary>
        /// 检测是否有中文字符
        /// </summary>
        /// <param></param>
        /// <returns></returns>
        public static bool IsHasCHZN(string inputData)
        {
            Match m = RegCHZN.Match(inputData);
            return m.Success;
        }    

        #endregion

        #region 邮件地址
        /// <summary>
        /// 是否是浮点数 可带正负号
        /// </summary>
        /// <param>输入字符串</param>
        /// <returns></returns>
        public static bool IsEmail(string inputData)
        {
            Match m = RegEmail.Match(inputData);
            return m.Success;
        }        

        #endregion

        #region 其他

        /// <summary>
        /// 检查字符串最大长度,返回指定长度的串
        /// </summary>
        /// <param>输入字符串</param>
        /// <param>最大长度</param>
        /// <returns></returns>            
        public static string SqlText(string sqlInput, int maxLength)
        {            
            if(sqlInput != null && sqlInput != string.Empty)
            {
                sqlInput = sqlInput.Trim();                            
                if(sqlInput.Length > maxLength)//按最大长度截取字符串
                    sqlInput = sqlInput.Substring(0, maxLength);
            }
            return sqlInput;
        }        
        /// <summary>
        /// 字符串编码
        /// </summary>
        /// <param></param>
        /// <returns></returns>
        public static string HtmlEncode(string inputData)
        {
            return HttpUtility.HtmlEncode(inputData);
        }
        /// <summary>
        /// 设置Label显示Encode的字符串
        /// </summary>
        /// <param></param>
        /// <param></param>
        public static void SetLabel(Label lbl, string txtInput)
        {
            lbl.Text = HtmlEncode(txtInput);
        }
        public static void SetLabel(Label lbl, object inputObj)
        {
            SetLabel(lbl, inputObj.ToString());
        }        
        //字符串清理
        public static string InputText(string inputString, int maxLength)
        {            
            StringBuilder retVal = new StringBuilder();

            // 检查是否为空
            if ((inputString != null) && (inputString != String.Empty))
            {
                inputString = inputString.Trim();

                //检查长度
                if (inputString.Length > maxLength)
                    inputString = inputString.Substring(0, maxLength);

                //替换危险字符
                for (int i = 0; i < inputString.Length; i++)
                {
                    switch (inputString[i])
                    {
                        case '"':
                            retVal.Append(""");
                            break;
                        case '<':
                            retVal.Append("<");
                            break;
                        case '>':
                            retVal.Append(">");
                            break;
                        default:
                            retVal.Append(inputString[i]);
                            break;
                    }
                }                
                retVal.Replace("'", " ");// 替换单引号
            }
            return retVal.ToString();

        }
        /// <summary>
        /// 转换成 HTML code
        /// </summary>
        /// <param>string</param>
        /// <returns>string</returns>
        public static string Encode(string str)
        {            
            str = str.Replace("&","&");
            str = str.Replace("'","''");
            str = str.Replace("\"",""");
            str = str.Replace(" ","&nbsp;");
            str = str.Replace("<","<");
            str = str.Replace(">",">");
            str = str.Replace("\n","<br>");
            return str;
        }
        /// <summary>
        ///解析html成 普通文本
        /// </summary>
        /// <param>string</param>
        /// <returns>string</returns>
        public static string Decode(string str)
        {            
            str = str.Replace("<br>","\n");
            str = str.Replace(">",">");
            str = str.Replace("<","<");
            str = str.Replace("&nbsp;"," ");
            str = str.Replace(""","\"");
            return str;
        }

        #endregion 

    }
}


通用文件(Global.asax),保存为Global.asax文件名 放到网站根木马下即可。(其他功能自行补上)

复制代码 代码如下:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wjfywx.html