aspnet下检测SQL注入式攻击代码

asp.net下检测SQL注入式攻击代码防网站被攻击代码两个类：（页面数据校验类）PageValidate.cs基本通用。代码如下：复制代码代码如下:usingSystem;usingSystem.Text;usingSystem.Web;usingSystem.Web.UI.WebControls;usingSystem.Text.RegularExpressions;namespaceCommon{///summary///页面数据校验类////summarypublicclassPageValidate{privatestaticRegexRegNumber=newRegex(^[0-9]+$);privatestaticRegexRegNumberSign=newRegex(^[+-]?[0-9]+$);privatestaticRegexRegDecimal=newRegex(^[0-9]+[.]?[0-9]+$);privatestaticRegexRegDecimalSign=newRegex(^[+-]?[0-9]+[.]?[0-9]+$);//等价于^[+-]?\d+[.]?\d+$privatestaticRegexRegEmail=newRegex(^[\\w-]+@[\\w-]+\\.(com|net|org|edu|mil|tv|biz|info)$);//w英文字母或数字的字符串，和[a-zA-Z0-9]语法一样privatestaticRegexRegCHZN=newRegex([\u4e00-\u9fa5]);publicPageValidate(){}#region数字字符串检查///summary///检查Request查询字符串的键值，是否是数字，最大长度限制////summary///paramname=reqRequest/param///paramname=inputKeyRequest的键值/param///paramname=maxLen最大长度/param///returns返回Request查询字符串/returnspublicstaticstringFetchInputDigit(HttpRequestreq,stringinputKey,intmaxLen){stringretVal=string.Empty;if(inputKey!=null&&inputKey!=string.Empty){retVal=req.QueryString[inputKey];if(null==retVal)retVal=req.Form[inputKey];if(null!=retVal){retVal=SqlText(retVal,maxLen);if(!IsNumber(retVal))retVal=string.Empty;}}if(retVal==null)retVal=string.Empty;returnretVal;}///summary///是否数字字符串////summary///paramname=inputData输入字符串/param///returns/returnspublicstaticboolIsNumber(stringinputData){Matchm=RegNumber.Match(inputData);returnm.Success;}///summary///是否数字字符串可带正负号////summary///paramname=inputData输入字符串/param///returns/returnspublicstaticboolIsNumberSign(stringinputData){Matchm=RegNumberSign.Match(inputData);returnm.Success;}///summary///是否是浮点数////summary///paramname=inputData输入字符串/param///returns/returnspublicstaticboolIsDecimal(stringinputData){Matchm=RegDecimal.Match(inputData);returnm.Success;}///summary///是否是浮点数可带正负号////summary///paramname=inputData输入字符串/param///returns/returnspublicstaticboolIsDecimalSign(stringinputData){Matchm=RegDecimalSign.Match(inputData);returnm.Success;}#endregion#region中文检测///summary///检测是否有中文字符////summary///paramname=inputData/param///returns/returnspublicstaticboolIsHasCHZN(stringinputData){Matchm=RegCHZN.Match(inputData);returnm.Success;}#endregion#region邮件地址///summary///是否是浮点数可带正负号////summary///paramname=inputData输入字符串/param///returns/returnspublicstaticboolIsEmail(stringinputData){Matchm=RegEmail.Match(inputData);returnm.Success;}#endregion#region其他///summary///检查字符串最大长度，返回指定长度的串////summary///paramname=sqlInput输入字符串/param///paramname=maxLength最大长度/param///returns/returnspublicstaticstringSqlText(stringsqlInput,intmaxLength){if(sqlInput!=null&&sqlInput!=string.Empty){sqlInput=sqlInput.Trim();if(sqlInput.LengthmaxLength)//按最大长度截取字符串sqlInput=sqlInput.Substring(0,maxLength);}returnsqlInput;}///summary///字符串编码////summary///paramname=inputData/param///returns/returnspublicstaticstringHtmlEncode(stringinputData){returnHttpUtility.HtmlEncode(inputData);}///summary///设置Label显示Encode的字符串////summary///paramname=lbl/param///paramname=txtInput/parampublicstaticvoidSetLabel(Labellbl,stringtxtInput){lbl.Text=HtmlEncode(txtInput);}publicstaticvoidSetLabel(Labellbl,objectinputObj){SetLabel(lbl,inputObj.ToString());}//字符串清理publicstaticstringInputText(stringinputString,intmaxLength){StringBuilderretVal=newStringBuilder();//检查是否为空if((inputString!=null)&&(inputString!=String.Empty)){inputString=inputString.Trim();//检查长度if(inputString.LengthmaxLength)inputString=inputString.Substring(0,maxLength);//替换危险字符for(inti=0;iinputString.Length;i++){switch(inputString[i]){case'':retVal.Append();break;case'':retVal.Append();break;case'':retVal.Append();break;default:retVal.Append(inputString[i]);break;}}retVal.Replace(',);//替换单引号}returnretVal.ToString();}///summary///转换成HTMLcode////summary///paramname=strstring/param///returnsstring/returnspublicstaticstringEncode(stringstr){str=str.Replace(&,&);str=str.Replace(','');str=str.Replace(\,);str=str.Replace(,);str=str.Replace(,);str=str.Replace(,);str=str.Replace(\n,br);returnstr;}///summary///解析html成普通文本////summary///paramname=strstring/param///returnsstring/returnspublicstaticstringDecode(stringstr){str=str.Replace(br,\n);str=str.Replace(,);str=str.Replace(,);str=str.Replace(,);str=str.Replace(,\);returnstr;}#endregion}}通用文件（Global.asax），保存为Global.asax文件名放到网站根木马下即可。（其他功能自行补上）复制代码代码如下:scriptlanguage=C#runat=server!--protectedvoidApplication_(Objectsender,EventArgse){StartProcessRequest();}///summary///处理用户提交的请求////summaryprivatevoidStartProcessRequest(){try{stringgetkeys=;if(System.Web.HttpContext.Current.Request.QueryString!=null){for(inti=0;iSystem.Web.HttpContext.Current.Request.QueryString.Count;i++){getkeys=System.Web.HttpContext.Current.Request.QueryString.Keys[i];if(!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys])){System.Web.HttpContext.Current