C#: checking strings against SQL injection attacks
Lately the discussion of SQL injection attacks on CSDN seems to be in full swing... so I will join in with a contribution of my own.
The CheckParams function below accepts an arbitrary list of parameters. A string parameter is checked directly; for a collection parameter (an Array, or anything that implements ICollection), each string element of the collection is checked.
The characters to filter can be chosen according to the specific situation; for this example I have tentatively chosen = and '. Personally I think that once these two are filtered, carrying out SQL injection becomes quite a bit harder. Of course I am a SQL rookie, so corrections from the experts are welcome; my e-mail (MSN): Appledotnet@hotmail.com
using System.Collections;
using System.Text.RegularExpressions;

bool CheckParams(params object[] args)
{
    string[] lawlesses = { "=", "'" };
    if (lawlesses == null || lawlesses.Length <= 0) return true;

    // Build a regular expression from the forbidden characters: one character class.
    // Example: when lawlesses is = and ', the pattern is [='] (see MSDN for regular expression syntax).
    // Characters inside a class need no | separator; each one is passed through Regex.Escape
    // so that metacharacters cannot break the class (note that Regex.Escape does not escape
    // ] or -, so those two would still need manual escaping).
    // The extra step from an array to a pattern keeps the function generic and easy to
    // modify; in real use you can write the regular expression directly.
    string str_Regex = "[";
    for (int i = 0; i < lawlesses.Length; i++)
        str_Regex += Regex.Escape(lawlesses[i]);
    str_Regex += "]";

    foreach (object arg in args)
    {
        if (arg is string) // a string: check it directly
        {
            if (Regex.IsMatch((string)arg, str_Regex))
                return false;
        }
        else if (arg is ICollection) // a collection: check each string element it contains
        {
            foreach (object obj in (ICollection)arg)
            {
                if (obj is string)
                {
                    if (Regex.IsMatch((string)obj, str_Regex))
                        return false;
                }
            }
        }
    }
    return true;
}
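The same check, as an added example that is not the author's code: it is written in Python rather than the page's C#, because the logic is language-independent and this form runs stand-alone against an in-memory SQLite database. The users table, its two rows and the function names are constructed for the illustration. Beyond porting CheckParams, it puts the blacklist next to the two things a practitioner would want to see: the string-concatenated query that such a filter is meant to guard, which fails to parse as soon as a legitimate value such as O'Brien reaches it, and a parameterized query, which handles the same value correctly because the driver binds the value instead of splicing it into SQL text. The blacklist, by contrast, rejects O'Brien outright.

```python
import re
import sqlite3
from collections.abc import Collection

# Same default blacklist as the page's CheckParams.
LAWLESSES = ["=", "'"]


def build_pattern(lawlesses):
    """One character class built from the forbidden characters, e.g. [='].
    re.escape keeps characters such as ] or \\ from breaking the class."""
    return re.compile("[" + "".join(re.escape(c) for c in lawlesses) + "]")


def check_params(*args, lawlesses=LAWLESSES):
    """Port of the page's CheckParams: False if any string argument, or any
    string element of a collection argument, contains a blacklisted character."""
    if not lawlesses:
        return True
    pattern = build_pattern(lawlesses)
    for arg in args:
        if isinstance(arg, str):
            if pattern.search(arg):
                return False
        elif isinstance(arg, Collection):
            for obj in arg:
                if isinstance(obj, str) and pattern.search(obj):
                    return False
    return True


def setup_db():
    """Constructed sample data: an in-memory table with one name containing an apostrophe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("O'Brien", "admin")])
    return conn


def concat_query_breaks(conn, name):
    """The string-concatenation query that a blacklist like the one above is meant to
    protect. Returns True if the value makes the statement fail to parse, which is
    what happens as soon as an apostrophe in the data closes the quoted literal."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    try:
        conn.execute(sql).fetchall()
        return False
    except sqlite3.OperationalError:
        return True


def find_user_param(conn, name):
    """Parameterized query: the value is bound by the driver and never parsed as SQL,
    so an apostrophe in the data needs no filtering at all."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = setup_db()
    for name in ["alice", "O'Brien"]:
        print(name, "passes blacklist:", check_params(name),
              "| concat breaks:", concat_query_breaks(db, name),
              "| param result:", find_user_param(db, name))
```

Running the block prints one line per name: alice passes the blacklist and works with both queries, while O'Brien is rejected by the blacklist, breaks the concatenated statement, and is returned correctly by the parameterized one. That contrast is the point: filtering = and ' turns valid data away without removing the concatenation that causes the problem, whereas binding parameters removes it regardless of what the data contains.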