求一个过滤sql特殊字符,防止sql注击的方法
由于以前的大量的使用了拼接sql语句,要一个一个改成传参数的形式,时间不允许
想过滤掉特殊字符,防止sql注击
[解决办法]
//获得关键子
public int CheckKey(string Content)
{
int n = -1;
string str = "'|"|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|''|--|;|;|or";
String[] Array = str.Split('|');
foreach (string item in Array)
{
int index = Content.IndexOf(item);
if (index != -1)
{
n = index;
break;
}
}
return n;
}
Content是你的有参数的url,如果返回的不是-1就说明有sql攻击的关键字
楼主研究下
[解决办法]
up
[解决办法]
将以下代码放入Global.asax中,
然后在 Application_BeginRequest 里面添加调用 StartProcessRequest();
- C# code
#region SQL注入式攻击代码分析 /// <summary> /// 处理用户提交的请求 /// </summary> private void StartProcessRequest() { try { string getkeys = ""; string sqlErrorPage = "/index.aspx";//转向的错误提示页面 if (System.Web.HttpContext.Current.Request.QueryString != null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i]; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys])) { System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage); System.Web.HttpContext.Current.Response.End(); } } } if (System.Web.HttpContext.Current.Request.Form != null) { for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++) { getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i]; if (getkeys == "__VIEWSTATE") continue; if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys])) { System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage); System.Web.HttpContext.Current.Response.End(); } } } } catch { // 错误处理: 处理用户提交信息! } } /// <summary> /// 分析用户请求是否正常 /// </summary> /// <param name="Str">传入用户提交数据 </param> /// <returns>返回是否含有SQL注入式攻击代码 </returns> private bool ProcessSqlStr(string Str) { bool ReturnValue = true; try { if (Str.Trim() != "") { string SqlStr = "exec |insert |select |delete |update |count |* |mid |master |truncate |char |declare"; string[] anySqlStr = SqlStr.Split('|'); foreach (string ss in anySqlStr) { if (Str.ToLower().IndexOf(ss.Trim()) >= 0) { ReturnValue = false; break; } } } } catch { ReturnValue = false; } return ReturnValue; } #endregion
[解决办法]
mark!
[解决办法]
/// <summary>
/// 去除不安全的sql
/// </summary>
/// <param name="source"></param>
/// <returns></returns>
public string SqlSafe(string source)
{
source = source.Replace("'", "");
source = source.Replace("\"","");
source = source.Replace("-","");
source = source.Replace("+", "");
source = source.Replace("&", "");
source = source.Replace("<", "");
source = source.Replace(">", "");
source = source.Replace("<>", "");
return source;
}
[解决办法]
正常的程序应该是没有注入点,而且不是漏洞到处都是,就靠些过滤来对付。
[解决办法]
可以用参数的格式话输出来防止SQL注入 思路如下:
using (Sqlconnection con = new Sqlconnection (“连接数据库字符串”) )
{
con.open()
String str = "select count(*) from ‘用户表' where Uname=@name and Pwd= @password ";
SqlCommand cmdnologin = new SqlCommand(str, con);
cmdnologin.Parameters.AddWithValue("@name", " aa or 1=1--".Trim()); //
cmdnologin.Parameters.AddWithValue("@passward".ToUpper(), "bb");
int inta = int.Parse(cmdnologin.ExecuteScalar().ToString());
if (inta > 0)
{
Console.WriteLine("yes");
}
else
{
Console.WriteLine("no");
}
}
cmdnologin.ExecuteScalar() 方法是返回首行首列的值 用户名和密码在你的表中肯定是唯一的 返回值应该 1
[解决办法]
#region 数据库操作字符串处理语句,以免出错语法错误
public static string ClearSQLString(string sql)
{
if(sql != null || sql == string.Empty)
{
//如果有insert或update语句时
sql = sql.ToLower();
sql = sql.Replace(" "," ");
sql = sql.Replace("1=1 and "," ");
sql = sql.Replace(" and and "," and ");
if(sql.IndexOf("@") > 0)
{
sql = sql.Replace("declare "," ");
}
/*
if(sql.IndexOf("insert") > 0 || sql.IndexOf("update") > 0)
{
sql = sql.Replace("'0001-1-1 0:00:00'","null");
sql = sql.Replace("0001-1-1 0:00:00","null");
//sql = sql.Replace("(0,","(null,");
//sql = sql.Replace("('0',","(null,");
//sql = sql.Replace(",0)",",null)");
//sql = sql.Replace(",'0')",",null)");
//sql = sql.Replace(",0,",",null,");
//sql = sql.Replace("('',","(null,");
sql = sql.Replace(",'')",",null)");
sql = sql.Replace(",'',",",null,");
sql = sql.Replace("-1,","null,");
sql = sql.Replace("'-1',",",null,");
sql.Replace("'null'","null");
int index = sql.IndexOf(" where ");
if(index > 0)
{
string sqlBeforWhere = sql.Substring(0,index);
sql = sql.Substring(index + 1);
sql = sql.Replace("where and","where ");
sql.Replace("= null","is null");
sql.Replace("=null","is null");
sql = sqlBeforWhere + sql;
}
}
*/
}
return sql;
}
[解决办法]
学习!帮顶
[解决办法]
public int checkLogin(string loginName,string loginPwd)
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conStr"]);
SqlCommand myCommand = new SqlCommand("select count(*) from tbuser where Name=@loginName and PassWord=@loginPwd", con);
myCommand.Parameters.Add(new SqlParameter("@loginName", SqlDbType.NVarChar, 20));
myCommand.Parameters["@loginName"].Value = loginName;
myCommand.Parameters.Add(new SqlParameter("@loginPwd", SqlDbType.NVarChar, 20));
myCommand.Parameters["@loginPwd"].Value = loginPwd;
myCommand.Connection.Open();
int i=(int)myCommand.ExecuteScalar();
myCommand.Connection.Close();
return i;
}
[解决办法]
up
[解决办法]
最好用正则表达式 因为很多关键字都要考虑大小写的问题
[解决办法]
string text = username.Text.Trim().Replace("'", "''");
text = text.Replace(">",">");
text = text.Replace("<","<");
string strSql = "select count(uid) from Dz_Admin where [userName]='" + text + "' and [Password]='" + getMd5Hash(password.Text.Trim()) + "'";
自己写的 仅供参考