C#: checking strings to guard against SQL injection attacks

zhaozj, 2021-02-16

These days, discussion of SQL injection attacks on 9CBS seems to be in full swing, so I will join in too. Below is the CheckParams function. It accepts any number of parameters: if a parameter is a string, the string is checked; if a parameter is a collection (such as an Array, in short any ICollection), the string elements in the collection are checked. You can change the filtered characters to suit your situation; I have set them to the = sign and the ' sign. In fact, I personally think that with these two filtered out, SQL injection already seems to be more difficult. Of course, I am a rookie at SQL; guidance from experts is welcome, thank you. My email (MSN): AppleDotNet@hotmail.com

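```csharp
using System.Collections;
using System.Text.RegularExpressions;

public static class SqlInputCheck
{
    // Returns false if any string argument, or any string element of a
    // collection argument, contains one of the disallowed characters.
    public static bool CheckParams(params object[] args)
    {
        string[] lawlesses = { "=", "'" };
        if (lawlesses == null || lawlesses.Length <= 0) return true;

        // Construct the regular expression. Example: if lawlesses is the = sign
        // and the ' sign, the regular expression is .*[='].*
        // (for regular expression details, see MSDN).
        // Because I wanted a general, easily modified function, there is an extra
        // step from the character array to the regular expression; in actual use,
        // writing the regular expression directly also works.
        string str_regex = ".*[";
        for (int i = 0; i < lawlesses.Length; i++)
            str_regex += Regex.Escape(lawlesses[i]);
        str_regex += "].*";

        foreach (object arg in args)
        {
            if (arg is string) // a string: check it directly
            {
                if (Regex.Matches(arg.ToString(), str_regex).Count > 0)
                    return false;
            }
            else if (arg is ICollection) // a collection: check its string elements
            {
                foreach (object obj in (ICollection)arg)
                {
                    if (obj is string)
                    {
                        if (Regex.Matches(obj.ToString(), str_regex).Count > 0)
                            return false;
                    }
                }
            }
        }
        return true;
    }
}
```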
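An added example, not part of the original post: it runs the same two-character rule over constructed sample inputs and, next to it, binds each value as a typed query parameter so the SQL text stays constant whatever the value contains. The `Users` table, `Name` column and `@name` parameter are hypothetical, and the code assumes `System.Data.SqlClient` is available (built into .NET Framework, a NuGet package on newer .NET); no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class ParamDemo
{
    // Same rule as CheckParams in the post: reject a string containing = or '
    static bool PassesFilter(string s)
    {
        return !Regex.IsMatch(s, "[=']");
    }

    // Hypothetical table and column names. The value travels as a typed
    // parameter, separate from the SQL text, so it is never parsed as SQL.
    static SqlCommand BuildLookup(string name)
    {
        var cmd = new SqlCommand("SELECT Id FROM Users WHERE Name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: ordinary values, two of which contain
        // the filtered characters for legitimate reasons.
        string[] inputs = { "alice", "O'Brien", "x=y", "bob" };

        foreach (string input in inputs)
        {
            SqlCommand cmd = BuildLookup(input);
            Console.WriteLine("input={0,-8} passesFilter={1,-5} sql=\"{2}\" @name={3}",
                input,
                PassesFilter(input),
                cmd.CommandText,                 // identical for every input
                cmd.Parameters["@name"].Value);  // the raw value, quote included
        }
    }
}
```

The filter turns away `O'Brien` and `x=y` even though both are ordinary data, while the parameterized command accepts them unchanged and its `CommandText` never varies.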

When reposting, please cite the original address: https://www.9cbs.com/read-12279.html
