/// </summary>
/// <returns>如果包含注入返回 true;否则返回 false</returns>
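// Keyword/pattern screen for a single request value. StrKeyWord and StrRegex are
// '|'-separated lists loaded elsewhere in this class (Web.config). Matching is an
// ordinal, case-insensitive substring test; this is a heuristic screen only and does
// not replace parameterised queries in the data layer.
private static bool CheckKeyWord(string _key)
{
    // A null or empty value cannot contain a pattern; callers hand over raw request
    // values, which the framework may return as null.
    if (string.IsNullOrEmpty(_key))
    {
        return false;
    }

    // Split on a trailing or doubled '|' produces an empty entry, and Contains("")
    // is always true, so empty entries are dropped to avoid flagging every request.
    string[] keyWords = (StrKeyWord ?? string.Empty).Split(new[] { '|' }, System.StringSplitOptions.RemoveEmptyEntries);
    string[] patterns = (StrRegex ?? string.Empty).Split(new[] { '|' }, System.StringSplitOptions.RemoveEmptyEntries);

    // Keywords only count when a space delimits them on at least one side (as before).
    // OrdinalIgnoreCase makes the result independent of whether the caller lower-cased
    // the value, so CheckRequestQuery and CheckRequestForm behave the same way.
    foreach (string keyWord in keyWords)
    {
        if (_key.IndexOf(keyWord + " ", System.StringComparison.OrdinalIgnoreCase) >= 0
            || _key.IndexOf(" " + keyWord, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    // Despite the name, StrRegex entries are plain substrings (no Regex is involved)
    // and match anywhere in the value.
    foreach (string pattern in patterns)
    {
        if (_key.IndexOf(pattern, System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }

    return false;
}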
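/// <summary>
/// Screens every query-string value of the current request against the configured
/// SQL-injection keywords and patterns.
/// </summary>
/// <remarks>
/// Reads <c>this.request.QueryString</c>. The <c>__VIEWSTATE</c> and
/// <c>__EVENTVALIDATION</c> fields are skipped because they carry framework-encoded
/// page state rather than user-entered text.
/// </remarks>
/// <returns><c>true</c> if any value matches a configured keyword or pattern; otherwise <c>false</c>.</returns>
public bool CheckRequestQuery()
{
    foreach (string sqlParam in this.request.QueryString)
    {
        if (sqlParam == "__VIEWSTATE" || sqlParam == "__EVENTVALIDATION")
        {
            continue;
        }

        string value = this.request.QueryString[sqlParam];
        if (value == null)
        {
            // Nothing to screen; the old code would have thrown on ToLower().
            continue;
        }

        // ToLowerInvariant rather than ToLower: the culture-sensitive form maps some
        // letters differently (e.g. under Turkish cultures), so a keyword could be
        // missed depending on the server's culture.
        if (CheckKeyWord(value.ToLowerInvariant()))
        {
            return true;
        }
    }

    return false;
}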
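/// <summary>
/// Screens every posted form value of the current request against the configured
/// SQL-injection keywords and patterns.
/// </summary>
/// <remarks>
/// Reads <c>this.request.Form</c>. The <c>__VIEWSTATE</c> and <c>__EVENTVALIDATION</c>
/// fields are skipped because they carry framework-encoded page state rather than
/// user-entered text.
/// </remarks>
/// <returns><c>true</c> if any value matches a configured keyword or pattern; otherwise <c>false</c>.</returns>
public bool CheckRequestForm()
{
    foreach (string sqlParam in this.request.Form)
    {
        if (sqlParam == "__VIEWSTATE" || sqlParam == "__EVENTVALIDATION")
        {
            continue;
        }

        string value = this.request.Form[sqlParam];
        if (value == null)
        {
            continue;
        }

        // The query-string check lower-cases its values before matching; the form
        // check previously passed the raw value, so upper-case keywords in a POST
        // body were not matched. Normalise the same way here (invariant culture).
        if (CheckKeyWord(value.ToLowerInvariant()))
        {
            return true;
        }
    }

    return false;
}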
186: }
过滤类是在某前辈的作品基础上改的，很抱歉我已经找不到最原始的出处了。需要在 Web.Config 中添加防 SQL 注入的特征字符集：










