过滤非法字符

using System;
using System.ComponentModel;
using System.Collections;
using System.Diagnostics;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

namespace Components.GlobalFun
{
    public class badword
    {

        static public bool checkBadword(SqlParameter[] prams)
        {
            if (prams == null)
            {
                return true;
            }
            string strWord = "";
            for (int i = 0; i < prams.Length; i++)
            {
                object result = prams[i].Value;

                if (result == null)
                {
                    break;
                }
                if (prams[i].ToString() == "@sqlTmp")
                {
                    return true;
                }
                strWord = result.ToString();
                if (strWord.Contains("select") || strWord.Contains("update") || strWord.Contains("insert") || strWord.Contains("delete") || strWord.Contains("declare") || strWord.Contains("exec") || strWord.Contains("set"))
               {
                   return false;
               }
            }
            return true;
        }
        static public bool checkBadword(string strWord)
        {

            if (strWord.Contains("@") || strWord.Contains("=") || strWord.Contains("'") || strWord.Contains("select") || strWord.Contains("update") || strWord.Contains("insert") || strWord.Contains("delete") || strWord.Contains("declare") || strWord.Contains("exec") || strWord.Contains("set"))
            {
                return false;
            }
           
            return true;
        }
        static public string ChangeStr(string oldstr)
        {
            if (oldstr != null)
            {
                string NewStr = oldstr.Replace('/'', '‘');
                NewStr = NewStr.Replace(';', ';');
                return NewStr;
            }
            else
            {
                return null;
            }
        }
        static public string RequestChstr(string request_str)
        {
            bool IsValue = true;
            string strSQLin = "'|and|--|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|&|%20|==|>|<";
            string[] strSQLinGroup = strSQLin.Split(new char[] { '|' }, 23);//23个关键字,有待补充
            for (int i = 0; i < strSQLinGroup.Length; i++)
            {
                if (request_str.ToLower().IndexOf(strSQLinGroup[i]) != -1)
                {
                    IsValue = false;
                    break;
                }
            }
            if (IsValue)
            {
                return request_str;
            }
            return "";
        }
    }


}
