兩個類：
（頁面數據校驗類）PageValidate.cs，基本通用。
代碼如下（注意：這些函數只做白名單格式校驗、長度截斷和 HTML 編碼，並不能讓字符串「安全地」拼進 SQL；防 SQL 注入的根本做法是參數化查詢）：
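using System;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;

namespace Common
{
    /// <summary>
    /// Page-input validation helpers: whitelist format checks (digits, decimals,
    /// e-mail, CJK), length capping and HTML encoding of user-supplied text.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing in this class makes a string safe to concatenate into
    /// SQL. SqlText only trims and truncates, and InputText only rewrites four
    /// characters. Use parameterized queries for SQL, and HttpUtility.HtmlEncode
    /// (wrapped below as HtmlEncode) when writing user text into HTML.
    /// </remarks>
    public class PageValidate
    {
        // Anchored patterns end with \z rather than $: in .NET, $ also matches just
        // before a trailing "\n", so "^[0-9]+$" would have accepted "123\n".
        private static readonly Regex RegNumber = new Regex("^[0-9]+\\z");
        private static readonly Regex RegNumberSign = new Regex("^[+-]?[0-9]+\\z");
        // Digits with an optional single fractional part. The previous pattern
        // "^[0-9]+[.]?[0-9]+$" required at least two digits and so rejected "5".
        private static readonly Regex RegDecimal = new Regex("^[0-9]+([.][0-9]+)?\\z");
        private static readonly Regex RegDecimalSign = new Regex("^[+-]?[0-9]+([.][0-9]+)?\\z");
        // Deliberately narrow: a fixed TLD list. Addresses at other TLDs (for example
        // .cn, .io, .co.uk) are rejected; extend the alternation if that is unwanted.
        private static readonly Regex RegEmail = new Regex("^[\\w-]+@[\\w-]+\\.(com|net|org|edu|mil|tv|biz|info)\\z");
        // Matches if any CJK Unified Ideograph (U+4E00..U+9FA5) appears anywhere.
        private static readonly Regex RegCHZN = new Regex("[\u4e00-\u9fa5]");

        public PageValidate()
        {
        }

        #region Numeric string checks

        /// <summary>
        /// Reads a request value (query string first, then form body), trims and
        /// caps it at <paramref name="maxLen"/> characters, and returns it only if
        /// it consists solely of ASCII digits.
        /// </summary>
        /// <param name="req">Current request; a null request yields an empty string.</param>
        /// <param name="inputKey">Query-string / form key to read.</param>
        /// <param name="maxLen">Maximum length kept before the digit check.</param>
        /// <returns>The digit string, or <see cref="string.Empty"/> when missing or not all digits.</returns>
        public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen)
        {
            if (req == null || string.IsNullOrEmpty(inputKey))
            {
                return string.Empty;
            }
            // Same lookup order as before: query string wins over the form body.
            string value = req.QueryString[inputKey] ?? req.Form[inputKey];
            if (value == null)
            {
                return string.Empty;
            }
            value = SqlText(value, maxLen);
            return IsNumber(value) ? value : string.Empty;
        }

        /// <summary>
        /// True when <paramref name="inputData"/> is a non-empty string of ASCII digits.
        /// Null returns false instead of throwing.
        /// </summary>
        public static bool IsNumber(string inputData)
        {
            return inputData != null && RegNumber.IsMatch(inputData);
        }

        /// <summary>
        /// True when <paramref name="inputData"/> is ASCII digits with an optional
        /// leading '+' or '-'. Null returns false.
        /// </summary>
        public static bool IsNumberSign(string inputData)
        {
            return inputData != null && RegNumberSign.IsMatch(inputData);
        }

        /// <summary>
        /// True when <paramref name="inputData"/> is an unsigned decimal such as
        /// "5", "12" or "3.25" (one optional fractional part, digits on both sides
        /// of the dot). Null returns false.
        /// </summary>
        public static bool IsDecimal(string inputData)
        {
            return inputData != null && RegDecimal.IsMatch(inputData);
        }

        /// <summary>
        /// Same as <see cref="IsDecimal"/> but allows a leading '+' or '-'.
        /// </summary>
        public static bool IsDecimalSign(string inputData)
        {
            return inputData != null && RegDecimalSign.IsMatch(inputData);
        }

        #endregion

        #region Chinese-character detection

        /// <summary>
        /// True when the string contains at least one character in U+4E00..U+9FA5.
        /// Null returns false.
        /// </summary>
        public static bool IsHasCHZN(string inputData)
        {
            return inputData != null && RegCHZN.IsMatch(inputData);
        }

        #endregion

        #region E-mail address

        /// <summary>
        /// True when the string looks like local@domain.tld with one of the TLDs
        /// listed in <c>RegEmail</c>. Null returns false.
        /// </summary>
        public static bool IsEmail(string inputData)
        {
            return inputData != null && RegEmail.IsMatch(inputData);
        }

        #endregion

        #region Other helpers

        /// <summary>
        /// Trims the input and truncates it to <paramref name="maxLength"/> characters.
        /// </summary>
        /// <remarks>
        /// Despite the name this does NOT escape anything for SQL; it is a length cap
        /// only. Null and empty input are returned unchanged.
        /// </remarks>
        public static string SqlText(string sqlInput, int maxLength)
        {
            if (string.IsNullOrEmpty(sqlInput))
            {
                return sqlInput;
            }
            string trimmed = sqlInput.Trim();
            return trimmed.Length > maxLength ? trimmed.Substring(0, maxLength) : trimmed;
        }

        /// <summary>
        /// HTML-encodes the string via <see cref="HttpUtility.HtmlEncode(string)"/>.
        /// This is the encoder to prefer over <see cref="Encode"/> for HTML output.
        /// </summary>
        public static string HtmlEncode(string inputData)
        {
            return HttpUtility.HtmlEncode(inputData);
        }

        /// <summary>
        /// Sets the label text to the HTML-encoded form of <paramref name="txtInput"/>.
        /// </summary>
        public static void SetLabel(Label lbl, string txtInput)
        {
            lbl.Text = HtmlEncode(txtInput);
        }

        /// <summary>
        /// Overload that formats any object; a null object becomes an empty label.
        /// </summary>
        public static void SetLabel(Label lbl, object inputObj)
        {
            SetLabel(lbl, Convert.ToString(inputObj));
        }

        /// <summary>
        /// Trims and caps the input at <paramref name="maxLength"/> characters, then
        /// rewrites '"', '&lt;' and '&gt;' to their HTML entities and single quotes to a space.
        /// </summary>
        /// <remarks>
        /// NOTE(review): '&amp;' is left untouched, so the result is not a complete
        /// HTML encoding, and blanking single quotes is not SQL-injection protection.
        /// Null or empty input returns an empty string.
        /// </remarks>
        public static string InputText(string inputString, int maxLength)
        {
            if (string.IsNullOrEmpty(inputString))
            {
                return string.Empty;
            }
            string text = inputString.Trim();
            if (text.Length > maxLength)
            {
                text = text.Substring(0, maxLength);
            }
            StringBuilder retVal = new StringBuilder(text.Length);
            foreach (char c in text)
            {
                switch (c)
                {
                    case '"':
                        retVal.Append("&quot;");
                        break;
                    case '<':
                        retVal.Append("&lt;");
                        break;
                    case '>':
                        retVal.Append("&gt;");
                        break;
                    case '\'':
                        // Previously done as a post-pass Replace("'", " "); same result.
                        retVal.Append(' ');
                        break;
                    default:
                        retVal.Append(c);
                        break;
                }
            }
            return retVal.ToString();
        }

        /// <summary>
        /// Converts plain text to a storable HTML fragment: entity-encodes '&amp;',
        /// '"', ' ', '&lt;', '&gt;', doubles single quotes and turns "\n" into "&lt;br&gt;".
        /// Null is returned unchanged.
        /// </summary>
        /// <remarks>
        /// NOTE(review): doubling "'" to "''" is SQL-style quoting, not HTML encoding,
        /// and <see cref="Decode"/> does not reverse it. Prefer <see cref="HtmlEncode"/>
        /// for new code.
        /// </remarks>
        public static string Encode(string str)
        {
            if (str == null)
            {
                return str;
            }
            // '&' must be encoded first so later entities are not double-encoded.
            str = str.Replace("&", "&amp;");
            str = str.Replace("'", "''");
            str = str.Replace("\"", "&quot;");
            str = str.Replace(" ", "&nbsp;");
            str = str.Replace("<", "&lt;");
            str = str.Replace(">", "&gt;");
            str = str.Replace("\n", "<br>");
            return str;
        }

        /// <summary>
        /// Reverses <see cref="Encode"/> (except the single-quote doubling): turns
        /// "&lt;br&gt;" back into "\n" and the entities back into characters.
        /// Null is returned unchanged.
        /// </summary>
        /// <remarks>
        /// The output is raw text; do not write it into an HTML response without
        /// encoding it again.
        /// </remarks>
        public static string Decode(string str)
        {
            if (str == null)
            {
                return str;
            }
            str = str.Replace("<br>", "\n");
            str = str.Replace("&gt;", ">");
            str = str.Replace("&lt;", "<");
            str = str.Replace("&nbsp;", " ");
            str = str.Replace("&quot;", "\"");
            // Decoded last so that "&amp;lt;" (an encoded literal "&lt;") becomes "&lt;",
            // not "<". Without this step Decode(Encode("a&b")) stayed "a&amp;b".
            str = str.Replace("&amp;", "&");
            return str;
        }

        #endregion
    }
}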
通用文件（Global.asax）：保存為 Global.asax 放到網站根目錄下即可（文件頂部還需要 &lt;%@ Application Language="C#" %&gt; 指令，其他功能自行補上）。注意：下面的 ProcessSqlStr 只是關鍵字黑名單，會誤攔含 select、cast、mid、master 等子串的正常輸入，也擋不住各種編碼繞過，不能替代參數化查詢。
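<script language="C#" runat="server">
    /// <summary>
    /// Runs at the start of every request and applies the keyword filter in
    /// StartProcessRequest to the query string, form fields and cookies.
    /// </summary>
    protected void Application_BeginRequest(Object sender, EventArgs e)
    {
        StartProcessRequest();
    }

    /// <summary>
    /// Ends the current response with a short message when any query-string,
    /// form or cookie value fails ProcessSqlStr.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this is a keyword blacklist, not SQL-injection protection.
    /// It rejects ordinary text that merely contains "select", "cast", "mid",
    /// "master", ... as a substring, and it looks at neither headers nor the
    /// URL path. Parameterized queries in the data layer are the real fix;
    /// keep this at most as a defence-in-depth heuristic.
    /// Any exception raised while inspecting the request is swallowed, so the
    /// filter fails open (the request continues unfiltered). Response.End()
    /// raises ThreadAbortException, which the catch below does not stop —
    /// the runtime re-raises it at the end of the catch block.
    /// </remarks>
    private void StartProcessRequest()
    {
        System.Web.HttpContext ctx = System.Web.HttpContext.Current;
        if (ctx == null)
        {
            return;
        }
        System.Web.HttpRequest request = ctx.Request;
        System.Web.HttpResponse response = ctx.Response;
        try
        {
            if (request.QueryString != null)
            {
                for (int i = 0; i < request.QueryString.Count; i++)
                {
                    if (!ProcessSqlStr(request.QueryString[i]))
                    {
                        response.Write("Get,出現錯誤,包含非法字符串");
                        response.End();
                    }
                }
            }

            if (request.Form != null)
            {
                for (int i = 0; i < request.Form.Count; i++)
                {
                    // __VIEWSTATE is base64 and would trip the substring match.
                    // NOTE(review): __EVENTVALIDATION and __VIEWSTATEGENERATOR are
                    // base64 as well and may need the same exemption.
                    if (request.Form.Keys[i] == "__VIEWSTATE")
                    {
                        continue;
                    }
                    if (!ProcessSqlStr(request.Form[i]))
                    {
                        response.Write("Post,出現錯誤,包含非法字符串");
                        response.End();
                    }
                }
            }

            if (request.Cookies != null)
            {
                // Index access instead of Cookies[name]: the name indexer returns only
                // the first cookie with that name, so duplicates went uninspected.
                for (int i = 0; i < request.Cookies.Count; i++)
                {
                    System.Web.HttpCookie cookie = request.Cookies[i];
                    if (cookie == null || cookie.Name == "__VIEWSTATE")
                    {
                        continue;
                    }
                    if (!ProcessSqlStr(cookie.Value))
                    {
                        response.Write("Cookies,出現錯誤,包含非法字符串");
                        response.End();
                    }
                }
            }
        }
        catch
        {
            // Best-effort filter: errors while reading the request are ignored
            // (fail open). Log here if the hosting application has a logger.
        }
    }

    /// <summary>
    /// Returns false when <paramref name="Str"/> contains one of the blacklisted
    /// SQL keywords as a case-insensitive substring, true otherwise. Blank input
    /// passes; null input is rejected (returns false), as before.
    /// </summary>
    private bool ProcessSqlStr(string Str)
    {
        if (Str == null)
        {
            return false;
        }
        if (Str.Trim() == "")
        {
            return true;
        }
        string SqlStr = "select¦insert¦delete¦update¦declare¦sysobjects¦syscolumns¦cast¦truncate¦master¦mid¦exec";
        string[] anySqlStr = SqlStr.Split('¦');
        foreach (string keyword in anySqlStr)
        {
            // OrdinalIgnoreCase instead of ToLower()+IndexOf: both of those are
            // culture-sensitive, e.g. under tr-TR "INSERT" lower-cases to "ınsert"
            // and would have slipped past the check.
            if (Str.IndexOf(keyword, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return false;
            }
        }
        return true;
    }
</script>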