C#验证是否存在Sql注入代码
构造SQL注入关键字符黑名单。注意：这类关键字黑名单只能用于检测和告警，不能替代参数化查询（防注入的唯一可靠手段）；而且下面的匹配是按子串进行的，"or"、"and"、"-"、":" 等条目会误伤大量正常输入。
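// Keyword/character blocklist used to flag SQL-injection-looking values in GET/POST data.
//
// SECURITY NOTE: this is a detection aid, not a defence. A keyword blocklist cannot
// prevent SQL injection — only parameterised queries (bound parameters) do. Use the
// result for logging/alerting at most. Matching below is plain substring matching
// (no word boundaries), so entries such as "or", "and", "-" and ":" flag ordinary
// input ("Oregon", "Andrew", any hyphenated value, "10:30").

// Legacy GET-scan pattern. It is not used by the methods below; kept for callers
// elsewhere in the project. The "(" after count/asc/mid/char were unescaped in the
// original, which left the group unbalanced and made the pattern throw on first use;
// they are escaped here. "" inside a verbatim string is a single double quote.
private const string StrKeyWord = @".*(select|insert|delete|from|count\(|drop table|update|truncate|asc\(|mid\(|char\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and).*";

// Legacy special-character class (also unused below). In the original the "|"
// separators were literal characters inside the class and the unescaped "]" closed
// the class early, leaving a trailing "|*" that does not parse; "[" and "]" are now
// escaped and "|" is kept as a member so the same characters are matched.
private const string StrRegex = @"[-|;,/()\[\]{}%@*!']";

// Compiled once instead of being rebuilt and re-parsed on every call. The pattern is
// an alternation of escaped literals, so it cannot backtrack catastrophically; the
// match timeout is a second line of defence (timeout ctor needs .NET 4.5+).
// IgnoreCase|CultureInvariant replaces the original inputData.ToLower(): a
// culture-sensitive ToLower() maps "INSERT" to "ınsert" under tr-TR and the check
// is silently bypassed.
private static readonly Regex BadInputRegex = new Regex(
    GetRegexString(),
    RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled,
    TimeSpan.FromMilliseconds(250));

/// <summary>
/// Scans every value of the current request's Form collection (POST body) for
/// blocklisted tokens.
/// </summary>
/// <returns>
/// Empty string when nothing was flagged or there is no current HttpContext;
/// otherwise a report naming the first flagged value, the request RawUrl and the
/// client address.
/// </returns>
public static string ValidUrlPostData()
{
    HttpContext ctx = HttpContext.Current;
    if (ctx == null)
    {
        return string.Empty; // not running inside an ASP.NET request
    }
    return ScanValues(ctx.Request.Form, "检测出POST恶意数据: 【",
        ctx.Request.RawUrl, ctx.Request.UserHostAddress);
}

/// <summary>
/// Scans every value of the current request's QueryString (GET parameters) for
/// blocklisted tokens.
/// </summary>
/// <returns>
/// Empty string when nothing was flagged or there is no current HttpContext;
/// otherwise a report naming the first flagged value, the request RawUrl and the
/// client address.
/// </returns>
public static string ValidUrlGetData()
{
    HttpContext ctx = HttpContext.Current;
    if (ctx == null)
    {
        return string.Empty; // not running inside an ASP.NET request
    }
    return ScanValues(ctx.Request.QueryString, "检测出GET恶意数据: 【",
        ctx.Request.RawUrl, ctx.Request.UserHostAddress);
}

/// <summary>
/// Shared body of the two scanners above: walks <paramref name="values"/> in order
/// and builds the report for the first value that <see cref="ValidData"/> flags.
/// </summary>
/// <param name="values">Form or QueryString collection; null is treated as empty.</param>
/// <param name="prefix">Leading text of the report (identifies POST vs GET).</param>
/// <param name="rawUrl">Request.RawUrl, echoed into the report.</param>
/// <param name="clientAddress">Request.UserHostAddress, echoed into the report.</param>
/// <returns>The report, or an empty string when nothing was flagged.</returns>
private static string ScanValues(System.Collections.Specialized.NameValueCollection values,
    string prefix, string rawUrl, string clientAddress)
{
    if (values == null)
    {
        return string.Empty;
    }
    for (int i = 0; i < values.Count; i++)
    {
        // An entry with no values yields null from the indexer; never flag it.
        string value = values[i] ?? string.Empty;
        if (!ValidData(value))
        {
            continue;
        }
        // NOTE: the report embeds the raw, unescaped user value. If a caller writes
        // it to a log, the consumer must treat it as untrusted text (newlines,
        // control characters, log injection).
        return prefix + value + "】 URL: 【" + rawUrl + "】来源: 【" + clientAddress + "】";
    }
    return string.Empty;
}

/// <summary>
/// Returns true when <paramref name="inputData"/> contains any blocklisted token
/// (case-insensitive substring match). Despite the name, true means "suspicious".
/// Null or empty input is never flagged (the original dereferenced null and threw).
/// </summary>
/// <param name="inputData">Raw value from the request; untrusted.</param>
public static bool ValidData(string inputData)
{
    if (string.IsNullOrEmpty(inputData))
    {
        return false;
    }
    try
    {
        return BadInputRegex.IsMatch(inputData);
    }
    catch (RegexMatchTimeoutException)
    {
        // Fail closed: an input that stalls the matcher is itself suspicious.
        return true;
    }
}

/// <summary>
/// Builds the blocklist pattern as a single alternation of regex-escaped tokens.
/// Escaping is what keeps "%", "-", "/" and similar from being read as regex
/// syntax. The original wrapped the group in ".*" on both sides; that is dropped
/// because IsMatch is unanchored anyway and the wrapper only added backtracking.
/// </summary>
/// <returns>A non-capturing group "(?:tok1|tok2|...)".</returns>
private static string GetRegexString()
{
    // Token list from the original, minus a duplicated "char". "SiteName" is
    // lowercased for consistency (IgnoreCase makes it match either way; with the
    // original ToLower() it could never match). The multi-word "exec
    // master.dbo.xp_cmdshell" entry is kept as one token with a single space.
    string[] badTokens =
    {
        "and", "exec", "insert", "select", "delete", "update", "count", "from",
        "drop", "asc", "char", "or", "%", ";", ":", "'", "\"", "-", "chr", "mid",
        "master", "truncate", "declare", "sitename", "net user", "xp_cmdshell",
        "/add", "exec master.dbo.xp_cmdshell", "net localgroup administrators"
    };
    string[] escaped = Array.ConvertAll(badTokens, t => Regex.Escape(t));
    return "(?:" + string.Join("|", escaped) + ")";
}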
原文链接:C#验证防止阻断Sql注入代码