/****** Snow dragon original *******/
// All rights reserved; reprinting is not allowed
I was busy for a long time and have finally learned something new. I remember reading a few security articles earlier that mentioned SQL injection issues, so I wanted to do some anti-injection exploration. To prevent injection, the most important thing is to verify the information that is input, especially information that is executed as part of a SQL statement, and to guarantee that it contains no malicious SQL elements. This kind of verification falls squarely within the scope of regular expressions, so I have been experimenting with the regular expressions of C# to meet my needs, and I am sharing the results with you.
Operating environment: WinXP, IIS6, ASP.NET, C#
A regular expression is a powerful tool for pattern matching and replacement. You build an expression, match it against the input string, and get back the result. If that is not clear yet, please read on. Take the most common case, web authentication, as an example: the page receives the entered username and stores it in the variable temp_username. At this point the variable may contain malicious information. We want the username to contain only English letters, digits and underscores, so we need to construct a regular expression for temp_username, which is done in C# as follows:
We use the static method System.Text.RegularExpressions.Regex.Replace(string, regular expression, replacement string). The string parameter is of course our temp_username, the regular expression I give is "\\W", and the replacement string is "" (the empty string), so the complete call is System.Text.RegularExpressions.Regex.Replace(temp_username, "\\W", ""); // replaces every character that the regular expression matches
The following focuses on how regular expressions are constructed in C#. A C# regular expression is always written the same way: inside quotation marks, in a form such as "look". Regular expressions provide special "metacharacters", which are characters with a special meaning inside the expression. Common metacharacters include "+", "*", "?", "\\s", "\\S", "\\d", "\\w" and "\\W"; they are case sensitive. The metacharacters are described below: "+", as in "lo+", matches "l" followed by "o" appearing once or multiple times, as in "love" and "look"; "*"; "?"; "\\s" matches a single whitespace character, including tabs and newline characters. "\\S" matches every character other than a single whitespace character. "\\d" matches the digits from 0 to 9. "\\w" matches letters, digits and underscores. "\\W" matches every character that "\\w" does not match. (The first example in the text uses this metacharacter, so all single quotes, spaces and other illegal characters are removed.)
Specialized locators are also available in regular expressions, including: "^", "$", "\\b"
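The Regex.Replace call from the first example, next to a check that uses the "^" locator to reject bad input instead of rewriting it, as an added example (not the original author's code). The method names, the 32-character limit and the sample inputs are assumptions made for this illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class UsernameFilterDemo
{
    // The article's approach: delete every character that \W matches.
    static string Strip(string tempUsername)
    {
        return Regex.Replace(tempUsername, "\\W", "");
    }

    // Same call, but RegexOptions.ECMAScript restricts \w to [a-zA-Z0-9_],
    // so non-English letters and non-ASCII digits are removed as well.
    static string StripAscii(string tempUsername)
    {
        return Regex.Replace(tempUsername, "\\W", "", RegexOptions.ECMAScript);
    }

    // Reject instead of rewrite: the whole string must already be clean.
    // \z is used rather than $ because $ also matches before a final newline.
    // The 1..32 length bound is an assumed policy, not from the article.
    static bool IsValid(string tempUsername)
    {
        return Regex.IsMatch(tempUsername, "^[A-Za-z0-9_]{1,32}\\z");
    }

    static void Main()
    {
        // Constructed sample inputs. The last one is two CJK letters followed
        // by two full-width digits, which the default \w accepts in .NET.
        string[] samples = {
            "snow_dragon01",
            "bob' OR '1'='1",
            "alice\n",
            "\u540d\u524d\uff11\uff12"
        };
        foreach (string s in samples)
        {
            Console.WriteLine("{0,-18} strip={1,-14} ascii={2,-14} valid={3}",
                s.Replace("\n", "\\n"), Strip(s), StripAscii(s), IsValid(s));
        }
    }
}
```

Stripping turns the second sample into a different, valid-looking name, which is why rejecting with IsValid is the stricter check. Either way, this validation complements parameterized queries rather than replacing them.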