/// < summary>
public static void StartProcessRequest()
{
try
{
string getkeys = "";
if (System.Web.HttpContext.Current.Request.QueryString != null)
{
for(int i=0;i< System.Web.HttpContext.Current.Request.QueryString.Count;i++) {
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i]; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys],0))
{
System.Web.HttpContext.Current.Response.Write("< script>alert('请勿非法提交!');history.back();< /script>");
System.Web.HttpContext.Current.Response.End();
}
}
}
if (System.Web.HttpContext.Current.Request.Form != null)
{
for(int i=0;i< System.Web.HttpContext.Current.Request.Form.Count;i++) {
getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i]; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys],1))
{
System.Web.HttpContext.Current.Response.Write("< script>alert('请勿非法提交!');history.back();< /script>");
System.Web.HttpContext.Current.Response.End();
}
}
}
}
catch
{
}
}
/// < summary>
private static bool ProcessSqlStr(string Str,int type)
{
string SqlStr; if(type == 1)
SqlStr = "exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare "; else
SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare"; bool ReturnValue = true; try
{
if (Str != "")
{
string[] anySqlStr = SqlStr.Split('|');
foreach (string ss in anySqlStr)
{
if (Str.IndexOf(ss)>=0)
{
ReturnValue = false; }
}
}
}
catch
{
ReturnValue = false; }
return ReturnValue; }
#endregion }
}
