Detecting SQL injection attack code under asp.net-C#.Net Tutorial-php.cn

Home

Backend Development

C#.Net Tutorial

Detecting SQL injection attack code under asp.net

巴扎黑

Dec 20, 2016 pm 05:09 PM

asp.net

Two classes:
(Page data verification class) PageValidate.cs is basically universal.
The code is as follows:

Use System;
Use System.Text;
Use System.Web;
Use System.Web.UI.WebControls;
Use System.Text.RegularExpressions;
Commonly used namespaces
{
///
/// Page data validation class
///
public class PageValidate
{
Private static regular expression RegNumber = new regular expression ("^[0-9] + $");
Private static regular expression RegNumberSign = new regex("^[+-][0-9]+$?");
private static regex RegDecimal = new regex("[]?^[0-9]+[0- 9] + $");
Private static regular expression RegDecimalSign = new regular expression("^ [+ - ] [0-9] + [0-9] + $?[]?"); //etc. Price at ^ [+ - ] D + D + $? []
Private static regex RegEmail = new regex("^[\W-]+@\W-]+\(COM|NETWORK|ORGANIZATION|EDU|CRYPTO|TV|BIZ|INFO)$" ); //W¯¯A string of English letters or numbers, the same syntax as [A-ZA-Z0-9]
Private static regular expression RegCHZN = new regular expression ("[u4e00- u9fa5]");
Public PageValidate()
{
}

#Region numeric string check
///
///Check the key value of the application query string, whether it is a number, the maximum length limit
///
///Request
/// Request key value
// / Maximum length
// / Returns the request query string
public static string FetchInputDigit(req HttpRequest, string inputKey, maxlen int)
{
string = retVal String.Empty;
if (inputKey = NULL && inputKey = String.Empty!)
{
retVal = req.QueryString [inputKey]
if (null == retVal)
retVal = req.Form [inputKey]
if (empty = retVal!)
{
retVal = SQLTEXT(retVal, MAXLEN);
if (ISNUMBER(retVal)!)
retVal = String.Empty;
}
}
if (retVal == NULL)
retVal = String.Empty;
return retVal;
}
///
///Is numeric string
///
///Input string
///
public Static Boolean ISNUMBER (String inputData)
{
Match M = RegNumber.Match(inputData);
Return m.Success;
}
///
///Whether the numeric string can have a positive or negative sign
///
///Input string
///
Public static boolean IsNumberSign(String inputData)
{
Match M = RegNumberSign.Match(inputData);
Return m.Success;
}
///
/// Whether it is a floating point number
///
///Input string
///
Public static Boolean IsDecimal(String inputData)
{
Match M = RegDecimal.Match(inputData);
Return m.Success;
}
///
///Whether it is a floating point number that can be signed
///
///Input string
///
Public static Boolean IsDecimalSign (string inputData)
{
Match M = RegDecimalSign. Match(inputData);
Return m.Success;
}
#endregion
#Regional Chinese detection
///
///Detect whether there are Chinese characters
///
///
///
Public static Boolean IsHasCHZN (String inputData)
{
Match M = RegCHZN.Match(inputData);
Return m.Success;
}
#endregion
# Regional email address
///
///Whether it is a floating point number that can be positive Negative sign
///
///Input string
///
Public static boolean ISEMAIL(String inputData)
{
Match M = RegEmail.Match(inputData);
Return m.Success;
}
#endregion
# Other regions
///
///Check the maximum length of the string and return a string of the specified length
///
///Input string
///Maximum length
///
Public static characters String SQLTEXT (String SQLInput, int max length)
{
if (SQLInput = NULL && SQLInput = String.Empty)!
{
SQLInput = sqlInput.Trim();
If (sqlInput.Length>maximum length) //Truncate the string according to the maximum length
SQLInput = sqlInput.Substring(0, maximum length);
}
The returned SQLInput ;
}
///
///String encoding
///
///
///
Public static string HTMLEncode(String inputData)
{
Return HttpUtility.HtmlEncode(inputData);
}
///
///Set the label to display the encoded string
///
///
///
Public static void SetLabel(label lbl, string txtInput)
{
lbl.Text = HTMLEncode( txtInput);
}
Public static void SetLabel(LBL label, object inputObj)
{
SetLabel(LBL, inputObj.ToString());
}
//String cleaning
public static string inputText(String inputString, int max length)
{
StringBuilder retVal = new StringBuilder();
// Check if it is null
if ((inputString = NULL) && (inputString = String.Empty)! )
{
inputString = inputString.Trim();
//Check the length
If (inputString.Length>maximum length)
inputString = inputString.Substring(0, maximum length);
//Danger of replacement char
for(int i = 0;i{
switch(inputString[I])
{
case '":
retVal.Append(""");
break ;
case 'retVal.Append("break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append (inputString[I]);
Break;
}
}
retVal.Replace("'", ""); //Replace single quotes
}
return retVal.ToString();
}
///
/ //Convert to HTML code
///
///String
///String
Public static string encoding (String str)
{
str = str.Replace("&", "&");
str = str.Replace("'", "'");
str = str.Replace(""", """);
str = str.Replace("", "");
str = str .Replace(" str = str.Replace(">", ">");
str = str.Replace("n", "
");
return strait;
}
///
///Parse HTML into normal text
///
///String
///String
public static string decode(String str)
{
strait = str .Replace("
", "n");
str = str.Replace(">", ">");
str = str.Replace("str = str.Replace("","");
str = str.Replace(""",""");
return str; (in), save the Global.asax file name and put it under the root Trojan of the website. (Other functions can be added by yourself)

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What are the alternatives to NULL in C languageMar 03, 2025 pm 05:37 PM

This article explores the challenges of NULL pointer dereferences in C. It argues that the problem isn't NULL itself, but its misuse. The article details best practices for preventing dereferences, including pre-dereference checks, pointer initiali

How to add next-level C compilerMar 03, 2025 pm 05:44 PM

This article explains how to create newline characters in C using the \n escape sequence within printf and puts functions. It details the functionality and provides code examples demonstrating its use for line breaks in output.

Which C language compiler is better?Mar 03, 2025 pm 05:39 PM

This article guides beginners on choosing a C compiler. It argues that GCC, due to its ease of use, wide availability, and extensive resources, is best for beginners. However, it also compares GCC, Clang, MSVC, and TCC, highlighting their differenc

Is NULL still important in modern programming in C language?Mar 03, 2025 pm 05:35 PM

This article emphasizes the continued importance of NULL in modern C programming. Despite advancements, NULL remains crucial for explicit pointer management, preventing segmentation faults by marking the absence of a valid memory address. Best prac

What are the web versions of C language compilers?Mar 03, 2025 pm 05:42 PM

This article reviews online C compilers for beginners, focusing on ease of use and debugging capabilities. OnlineGDB and Repl.it are highlighted for their user-friendly interfaces and helpful debugging tools. Other options like Programiz and Compil

C language online programming website C language compiler official website summaryMar 03, 2025 pm 05:41 PM

This article compares online C programming platforms, highlighting differences in features like debugging tools, IDE functionality, standard compliance, and memory/execution limits. It argues that the "best" platform depends on user needs,

Method of copying code by C language compilerMar 03, 2025 pm 05:43 PM

This article discusses efficient code copying in C IDEs. It emphasizes that copying is an IDE function, not a compiler feature, and details strategies for improved efficiency, including using IDE selection tools, code folding, search/replace, templa

How to solve the problem of not popping up the output window by the C language compilerMar 03, 2025 pm 05:40 PM

This article troubleshoots missing output windows in C program compilation. It examines causes like failing to run the executable, program errors, incorrect compiler settings, background processes, and rapid program termination. Solutions involve ch

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks agoByDDD

Hot Tools

SublimeText3 Chinese version

Chinese version, very easy to use

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),