Detecting SQL injection attack code under asp.net-C#.Net Tutorial-php.cn

Home

Backend Development

C#.Net Tutorial

Detecting SQL injection attack code under asp.net

巴扎黑

Dec 20, 2016 pm 05:09 PM

asp.net

Two classes:
(Page data verification class) PageValidate.cs is basically universal.
The code is as follows:

Use System;
Use System.Text;
Use System.Web;
Use System.Web.UI.WebControls;
Use System.Text.RegularExpressions;
Commonly used namespaces
{
///
/// Page data validation class
///
public class PageValidate
{
Private static regular expression RegNumber = new regular expression ("^[0-9] + $");
Private static regular expression RegNumberSign = new regex("^[+-][0-9]+$?");
private static regex RegDecimal = new regex("[]?^[0-9]+[0- 9] + $");
Private static regular expression RegDecimalSign = new regular expression("^ [+ - ] [0-9] + [0-9] + $?[]?"); //etc. Price at ^ [+ - ] D + D + $? []
Private static regex RegEmail = new regex("^[\W-]+@\W-]+\(COM|NETWORK|ORGANIZATION|EDU|CRYPTO|TV|BIZ|INFO)$" ); //W¯¯A string of English letters or numbers, the same syntax as [A-ZA-Z0-9]
Private static regular expression RegCHZN = new regular expression ("[u4e00- u9fa5]");
Public PageValidate()
{
}

#Region numeric string check
///
///Check the key value of the application query string, whether it is a number, the maximum length limit
///
///Request
/// Request key value
// / Maximum length
// / Returns the request query string
public static string FetchInputDigit(req HttpRequest, string inputKey, maxlen int)
{
string = retVal String.Empty;
if (inputKey = NULL && inputKey = String.Empty!)
{
retVal = req.QueryString [inputKey]
if (null == retVal)
retVal = req.Form [inputKey]
if (empty = retVal!)
{
retVal = SQLTEXT(retVal, MAXLEN);
if (ISNUMBER(retVal)!)
retVal = String.Empty;
}
}
if (retVal == NULL)
retVal = String.Empty;
return retVal;
}
///
///Is numeric string
///
///Input string
///
public Static Boolean ISNUMBER (String inputData)
{
Match M = RegNumber.Match(inputData);
Return m.Success;
}
///
///Whether the numeric string can have a positive or negative sign
///
///Input string
///
Public static boolean IsNumberSign(String inputData)
{
Match M = RegNumberSign.Match(inputData);
Return m.Success;
}
///
/// Whether it is a floating point number
///
///Input string
///
Public static Boolean IsDecimal(String inputData)
{
Match M = RegDecimal.Match(inputData);
Return m.Success;
}
///
///Whether it is a floating point number that can be signed
///
///Input string
///
Public static Boolean IsDecimalSign (string inputData)
{
Match M = RegDecimalSign. Match(inputData);
Return m.Success;
}
#endregion
#Regional Chinese detection
///
///Detect whether there are Chinese characters
///
///
///
Public static Boolean IsHasCHZN (String inputData)
{
Match M = RegCHZN.Match(inputData);
Return m.Success;
}
#endregion
# Regional email address
///
///Whether it is a floating point number that can be positive Negative sign
///
///Input string
///
Public static boolean ISEMAIL(String inputData)
{
Match M = RegEmail.Match(inputData);
Return m.Success;
}
#endregion
# Other regions
///
///Check the maximum length of the string and return a string of the specified length
///
///Input string
///Maximum length
///
Public static characters String SQLTEXT (String SQLInput, int max length)
{
if (SQLInput = NULL && SQLInput = String.Empty)!
{
SQLInput = sqlInput.Trim();
If (sqlInput.Length>maximum length) //Truncate the string according to the maximum length
SQLInput = sqlInput.Substring(0, maximum length);
}
The returned SQLInput ;
}
///
///String encoding
///
///
///
Public static string HTMLEncode(String inputData)
{
Return HttpUtility.HtmlEncode(inputData);
}
///
///Set the label to display the encoded string
///
///
///
Public static void SetLabel(label lbl, string txtInput)
{
lbl.Text = HTMLEncode( txtInput);
}
Public static void SetLabel(LBL label, object inputObj)
{
SetLabel(LBL, inputObj.ToString());
}
//String cleaning
public static string inputText(String inputString, int max length)
{
StringBuilder retVal = new StringBuilder();
// Check if it is null
if ((inputString = NULL) && (inputString = String.Empty)! )
{
inputString = inputString.Trim();
//Check the length
If (inputString.Length>maximum length)
inputString = inputString.Substring(0, maximum length);
//Danger of replacement char
for(int i = 0;i{
switch(inputString[I])
{
case '":
retVal.Append(""");
break ;
case 'retVal.Append("break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append (inputString[I]);
Break;
}
}
retVal.Replace("'", ""); //Replace single quotes
}
return retVal.ToString();
}
///
/ //Convert to HTML code
///
///String
///String
Public static string encoding (String str)
{
str = str.Replace("&", "&");
str = str.Replace("'", "'");
str = str.Replace(""", """);
str = str.Replace("", "");
str = str .Replace(" str = str.Replace(">", ">");
str = str.Replace("n", "
");
return strait;
}
///
///Parse HTML into normal text
///
///String
///String
public static string decode(String str)
{
strait = str .Replace("
", "n");
str = str.Replace(">", ">");
str = str.Replace("str = str.Replace("","");
str = str.Replace(""",""");
return str; (in), save the Global.asax file name and put it under the root Trojan of the website. (Other functions can be added by yourself)

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

The Future of C# .NET: Trends and OpportunitiesApr 29, 2025 am 12:02 AM

The future trends of C#.NET are mainly focused on three aspects: cloud computing, microservices, AI and machine learning integration, and cross-platform development. 1) Cloud computing and microservices: C#.NET optimizes cloud environment performance through the Azure platform and supports the construction of an efficient microservice architecture. 2) Integration of AI and machine learning: With the help of the ML.NET library, C# developers can embed machine learning models in their applications to promote the development of intelligent applications. 3) Cross-platform development: Through .NETCore and .NET5, C# applications can run on Windows, Linux and macOS, expanding the deployment scope.

C# .NET Development Today: Trends and Best PracticesApr 28, 2025 am 12:25 AM

The latest developments and best practices in C#.NET development include: 1. Asynchronous programming improves application responsiveness, and simplifies non-blocking code using async and await keywords; 2. LINQ provides powerful query functions, efficiently manipulating data through delayed execution and expression trees; 3. Performance optimization suggestions include using asynchronous programming, optimizing LINQ queries, rationally managing memory, improving code readability and maintenance, and writing unit tests.

C# .NET: Building Applications with the .NET EcosystemApr 27, 2025 am 12:12 AM

How to build applications using .NET? Building applications using .NET can be achieved through the following steps: 1) Understand the basics of .NET, including C# language and cross-platform development support; 2) Learn core concepts such as components and working principles of the .NET ecosystem; 3) Master basic and advanced usage, from simple console applications to complex WebAPIs and database operations; 4) Be familiar with common errors and debugging techniques, such as configuration and database connection issues; 5) Application performance optimization and best practices, such as asynchronous programming and caching.

C# as a Versatile .NET Language: Applications and ExamplesApr 26, 2025 am 12:26 AM

C# is widely used in enterprise-level applications, game development, mobile applications and web development. 1) In enterprise-level applications, C# is often used for ASP.NETCore to develop WebAPI. 2) In game development, C# is combined with the Unity engine to realize role control and other functions. 3) C# supports polymorphism and asynchronous programming to improve code flexibility and application performance.

C# .NET for Web, Desktop, and Mobile DevelopmentApr 25, 2025 am 12:01 AM

C# and .NET are suitable for web, desktop and mobile development. 1) In web development, ASP.NETCore supports cross-platform development. 2) Desktop development uses WPF and WinForms, which are suitable for different needs. 3) Mobile development realizes cross-platform applications through Xamarin.

C# .NET Ecosystem: Frameworks, Libraries, and ToolsApr 24, 2025 am 12:02 AM

The C#.NET ecosystem provides rich frameworks and libraries to help developers build applications efficiently. 1.ASP.NETCore is used to build high-performance web applications, 2.EntityFrameworkCore is used for database operations. By understanding the use and best practices of these tools, developers can improve the quality and performance of their applications.

Deploying C# .NET Applications to Azure/AWS: A Step-by-Step GuideApr 23, 2025 am 12:06 AM

How to deploy a C# .NET app to Azure or AWS? The answer is to use AzureAppService and AWSElasticBeanstalk. 1. On Azure, automate deployment using AzureAppService and AzurePipelines. 2. On AWS, use Amazon ElasticBeanstalk and AWSLambda to implement deployment and serverless compute.

C# .NET: An Introduction to the Powerful Programming LanguageApr 22, 2025 am 12:04 AM

The combination of C# and .NET provides developers with a powerful programming environment. 1) C# supports polymorphism and asynchronous programming, 2) .NET provides cross-platform capabilities and concurrent processing mechanisms, which makes them widely used in desktop, web and mobile application development.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

InZoi: How To Apply To School And University

3 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

2 weeks agoByDDD

Roblox: Dead Rails – How To Summon And Defeat Nikola Tesla

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.