/// <summary>
/// Request-start hook: screens the query string of every non-POST request
/// with <c>ValidUrlGetData</c> and, when a value is flagged, writes a
/// rejection message to the response and ends it.
/// </summary>
/// <param name="sender">Event source; not used here.</param>
/// <param name="e">Event data; not used here.</param>
void Application_BeginRequest(object sender, EventArgs e)
{
    // NOTE(review): a POST request is never screened here. Neither its
    // query string nor its body is inspected, so the filter only covers
    // other verbs. Confirm that this gap is intended.
    bool isPost = Request.RequestType.ToUpper() == "POST";

    // Short-circuit keeps ValidUrlGetData from running on POST requests.
    bool flagged = !isPost && ValidUrlGetData();
    if (!flagged)
    {
        return;
    }

    // Message text: "The data you submitted contains malicious characters!"
    Response.Write("您提交的数据有恶意字符!");
    Response.End();
}
/// <summary>
/// Screens the values of the current request's query string: each value is
/// passed to <c>Validate</c> and the scan stops at the first one flagged.
/// </summary>
/// <returns>
/// <c>true</c> if any query-string value was flagged; <c>false</c> if none
/// was, including when the query string is empty.
/// </returns>
public static bool ValidUrlGetData()
{
    var query = HttpContext.Current.Request.QueryString;

    // Indexing by position yields the parameter's value; parameter names
    // themselves are not screened.
    for (int position = 0; position < query.Count; position++)
    {
        if (Validate(query[position].ToString()))
        {
            return true;
        }
    }

    return false;
}
/// <summary>
/// Lower-case SQL-related keywords that <c>Validate</c> searches for, as
/// plain substrings, inside a request value.
/// </summary>
// NOTE(review): a keyword deny-list is only a coarse pre-filter. Short entries
// such as "or", "and" and "user" also occur inside ordinary words, so
// legitimate input can be rejected. It does not replace parameterized queries
// in the data-access code.
public static string[] strs =
{
    "select", "drop", "exists", "exec", "insert",
    "delete", "update", "and", "or", "user"
};
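/// <summary>
/// Reports whether <paramref name="str"/> contains any keyword from
/// <c>strs</c> as a substring.
/// </summary>
/// <param name="str">The request value to screen; may be null or empty.</param>
/// <returns>
/// <c>true</c> if at least one keyword occurs in <paramref name="str"/>;
/// otherwise <c>false</c>. A null or empty value is never flagged.
/// </returns>
/// <remarks>
/// This is a substring deny-list, not a SQL parser. It cannot make
/// string-built SQL safe, so the queries themselves should be parameterized.
/// </remarks>
public static bool Validate(string str)
{
    // A missing value has no text to match; previously this threw a
    // NullReferenceException.
    if (string.IsNullOrEmpty(str))
    {
        return false;
    }

    foreach (string keyword in strs)
    {
        // The keywords are stored lower-case, so the comparison must ignore
        // case or a differently-cased value is missed. Ordinal matching also
        // keeps the result independent of the server's culture.
        if (str.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}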