These days, 9CBS discussing SQL injection attacks seems to be in full swing ... I will also participate in it .. As follows, checkparams functions, any of the reception parameters, such as strings in the parameter, check the string, such as the parameter Collection (such as Array, in summary ICOLLECTION), check the string elements in the collection. You can fix the character according to the specific situation, I am specifically set to = number and ' In fact, I personally think that it is more difficult to filter these two. It seems that SQL injection is already more difficult. Of course, I am a rookie for SQL, welcome to the high finger, thank you. My email (MSN): AppleDotNet@hotmail.com
Bool Checkparams (params object [] args {string [] lawlesses = {"=", "'"}; if (lawlesses == null || lawlesses.length <= 0) Return true; // Constructs regular expression, Example: Lawlesses is = number and ', then the regular expression is. * [=}']. * (Regular expression related content, please see MSDN) // In addition, I want to do common and easy modification functions, So a more step by the character number to the regular expression, in actual use, the direct write regular expression can also be; string str_regex = ". * ["; For (int i = 0; I
