Detecting SQL injection attack code under asp.net-C#.Net Tutorial-php.cn

Home

Backend Development

C#.Net Tutorial

Detecting SQL injection attack code under asp.net

巴扎黑

Dec 20, 2016 pm 05:09 PM

asp.net

Two classes:
(Page data verification class) PageValidate.cs is basically universal.
The code is as follows:

Use System;
Use System.Text;
Use System.Web;
Use System.Web.UI.WebControls;
Use System.Text.RegularExpressions;
Commonly used namespaces
{
///
/// Page data validation class
///
public class PageValidate
{
Private static regular expression RegNumber = new regular expression ("^[0-9] + $");
Private static regular expression RegNumberSign = new regex("^[+-][0-9]+$?");
private static regex RegDecimal = new regex("[]?^[0-9]+[0- 9] + $");
Private static regular expression RegDecimalSign = new regular expression("^ [+ - ] [0-9] + [0-9] + $?[]?"); //etc. Price at ^ [+ - ] D + D + $? []
Private static regex RegEmail = new regex("^[\W-]+@\W-]+\(COM|NETWORK|ORGANIZATION|EDU|CRYPTO|TV|BIZ|INFO)$" ); //W¯¯A string of English letters or numbers, the same syntax as [A-ZA-Z0-9]
Private static regular expression RegCHZN = new regular expression ("[u4e00- u9fa5]");
Public PageValidate()
{
}

#Region numeric string check
///
///Check the key value of the application query string, whether it is a number, the maximum length limit
///
///Request
/// Request key value
// / Maximum length
// / Returns the request query string
public static string FetchInputDigit(req HttpRequest, string inputKey, maxlen int)
{
string = retVal String.Empty;
if (inputKey = NULL && inputKey = String.Empty!)
{
retVal = req.QueryString [inputKey]
if (null == retVal)
retVal = req.Form [inputKey]
if (empty = retVal!)
{
retVal = SQLTEXT(retVal, MAXLEN);
if (ISNUMBER(retVal)!)
retVal = String.Empty;
}
}
if (retVal == NULL)
retVal = String.Empty;
return retVal;
}
///
///Is numeric string
///
///Input string
///
public Static Boolean ISNUMBER (String inputData)
{
Match M = RegNumber.Match(inputData);
Return m.Success;
}
///
///Whether the numeric string can have a positive or negative sign
///
///Input string
///
Public static boolean IsNumberSign(String inputData)
{
Match M = RegNumberSign.Match(inputData);
Return m.Success;
}
///
/// Whether it is a floating point number
///
///Input string
///
Public static Boolean IsDecimal(String inputData)
{
Match M = RegDecimal.Match(inputData);
Return m.Success;
}
///
///Whether it is a floating point number that can be signed
///
///Input string
///
Public static Boolean IsDecimalSign (string inputData)
{
Match M = RegDecimalSign. Match(inputData);
Return m.Success;
}
#endregion
#Regional Chinese detection
///
///Detect whether there are Chinese characters
///
///
///
Public static Boolean IsHasCHZN (String inputData)
{
Match M = RegCHZN.Match(inputData);
Return m.Success;
}
#endregion
# Regional email address
///
///Whether it is a floating point number that can be positive Negative sign
///
///Input string
///
Public static boolean ISEMAIL(String inputData)
{
Match M = RegEmail.Match(inputData);
Return m.Success;
}
#endregion
# Other regions
///
///Check the maximum length of the string and return a string of the specified length
///
///Input string
///Maximum length
///
Public static characters String SQLTEXT (String SQLInput, int max length)
{
if (SQLInput = NULL && SQLInput = String.Empty)!
{
SQLInput = sqlInput.Trim();
If (sqlInput.Length>maximum length) //Truncate the string according to the maximum length
SQLInput = sqlInput.Substring(0, maximum length);
}
The returned SQLInput ;
}
///
///String encoding
///
///
///
Public static string HTMLEncode(String inputData)
{
Return HttpUtility.HtmlEncode(inputData);
}
///
///Set the label to display the encoded string
///
///
///
Public static void SetLabel(label lbl, string txtInput)
{
lbl.Text = HTMLEncode( txtInput);
}
Public static void SetLabel(LBL label, object inputObj)
{
SetLabel(LBL, inputObj.ToString());
}
//String cleaning
public static string inputText(String inputString, int max length)
{
StringBuilder retVal = new StringBuilder();
// Check if it is null
if ((inputString = NULL) && (inputString = String.Empty)! )
{
inputString = inputString.Trim();
//Check the length
If (inputString.Length>maximum length)
inputString = inputString.Substring(0, maximum length);
//Danger of replacement char
for(int i = 0;i{
switch(inputString[I])
{
case '":
retVal.Append(""");
break ;
case 'retVal.Append("break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append (inputString[I]);
Break;
}
}
retVal.Replace("'", ""); //Replace single quotes
}
return retVal.ToString();
}
///
/ //Convert to HTML code
///
///String
///String
Public static string encoding (String str)
{
str = str.Replace("&", "&");
str = str.Replace("'", "'");
str = str.Replace(""", """);
str = str.Replace("", "");
str = str .Replace(" str = str.Replace(">", ">");
str = str.Replace("n", "
");
return strait;
}
///
///Parse HTML into normal text
///
///String
///String
public static string decode(String str)
{
strait = str .Replace("
", "n");
str = str.Replace(">", ">");
str = str.Replace("str = str.Replace("","");
str = str.Replace(""",""");
return str; (in), save the Global.asax file name and put it under the root Trojan of the website. (Other functions can be added by yourself)

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

C# as a Versatile .NET Language: Applications and ExamplesApr 26, 2025 am 12:26 AM

C# is widely used in enterprise-level applications, game development, mobile applications and web development. 1) In enterprise-level applications, C# is often used for ASP.NETCore to develop WebAPI. 2) In game development, C# is combined with the Unity engine to realize role control and other functions. 3) C# supports polymorphism and asynchronous programming to improve code flexibility and application performance.

C# .NET for Web, Desktop, and Mobile DevelopmentApr 25, 2025 am 12:01 AM

C# and .NET are suitable for web, desktop and mobile development. 1) In web development, ASP.NETCore supports cross-platform development. 2) Desktop development uses WPF and WinForms, which are suitable for different needs. 3) Mobile development realizes cross-platform applications through Xamarin.

C# .NET Ecosystem: Frameworks, Libraries, and ToolsApr 24, 2025 am 12:02 AM

The C#.NET ecosystem provides rich frameworks and libraries to help developers build applications efficiently. 1.ASP.NETCore is used to build high-performance web applications, 2.EntityFrameworkCore is used for database operations. By understanding the use and best practices of these tools, developers can improve the quality and performance of their applications.

Deploying C# .NET Applications to Azure/AWS: A Step-by-Step GuideApr 23, 2025 am 12:06 AM

How to deploy a C# .NET app to Azure or AWS? The answer is to use AzureAppService and AWSElasticBeanstalk. 1. On Azure, automate deployment using AzureAppService and AzurePipelines. 2. On AWS, use Amazon ElasticBeanstalk and AWSLambda to implement deployment and serverless compute.

C# .NET: An Introduction to the Powerful Programming LanguageApr 22, 2025 am 12:04 AM

The combination of C# and .NET provides developers with a powerful programming environment. 1) C# supports polymorphism and asynchronous programming, 2) .NET provides cross-platform capabilities and concurrent processing mechanisms, which makes them widely used in desktop, web and mobile application development.

.NET Framework vs. C#: Decoding the TerminologyApr 21, 2025 am 12:05 AM

.NETFramework is a software framework, and C# is a programming language. 1..NETFramework provides libraries and services, supporting desktop, web and mobile application development. 2.C# is designed for .NETFramework and supports modern programming functions. 3..NETFramework manages code execution through CLR, and the C# code is compiled into IL and runs by CLR. 4. Use .NETFramework to quickly develop applications, and C# provides advanced functions such as LINQ. 5. Common errors include type conversion and asynchronous programming deadlocks. VisualStudio tools are required for debugging.

Demystifying C# .NET: An Overview for BeginnersApr 20, 2025 am 12:11 AM

C# is a modern, object-oriented programming language developed by Microsoft, and .NET is a development framework provided by Microsoft. C# combines the performance of C and the simplicity of Java, and is suitable for building various applications. The .NET framework supports multiple languages, provides garbage collection mechanisms, and simplifies memory management.

C# and the .NET Runtime: How They Work TogetherApr 19, 2025 am 12:04 AM

C# and .NET runtime work closely together to empower developers to efficient, powerful and cross-platform development capabilities. 1) C# is a type-safe and object-oriented programming language designed to integrate seamlessly with the .NET framework. 2) The .NET runtime manages the execution of C# code, provides garbage collection, type safety and other services, and ensures efficient and cross-platform operation.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

4 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

4 weeks agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

1 months agoByDDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks agoByDDD

Hot Tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),