首页 > 代码库 > 判断字符串中是否有SQL攻击代码

判断字符串中是否有SQL攻击代码

判断一个输入框中是否有SQL攻击代码

public const string SQLSTR2 = @"exec|cast|convert|set|insert|select|delete|update|alter|drop|count|chr|varchar|nvarchar|nchar|char[ ]*\([ ]*|asc[ ]*\([ ]*|mid[ ]*\([ ]*|substring|master|truncate|declare|xp_cmdshell|restore|backup|net[ ]+user|net[ ]+localgroup[ ]+administrators";  /// <summary>        /// 判断字符串中是否有SQL攻击代码        /// </summary>        /// <param name="inputString">传入用户提交数据</param>        /// <returns>true-安全;false-有注入攻击可能;</returns>        public static bool ProcessSqlStr(string inputString)        {            //if (string.IsNullOrEmpty(inputString))            //    return false;            string SqlStr = AqiooInfo.SQLSTR2;            try            {                if ((inputString != null) && (inputString != String.Empty))                {                    string str_Regex = @"温|胡|\b(" + SqlStr + @")\b";                    Regex Regex = new Regex(str_Regex, RegexOptions.IgnoreCase);                    //string s = Regex.Match(inputString).Value;                     if (Regex.IsMatch(inputString)) //|| Regex.IsMatch(inputString, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\‘]")                        return false;                }            }            catch            {                return false;            }            return true;        }
View Code