<%@ Application Language="C#" %>
<script runat="server">
void Application_Start(object sender, EventArgs e)
{
// 在应用程序启动时运行的代码
}
void Application_End(object sender, EventArgs e)
{
// 在应用程序关闭时运行的代码
}
void Application_Error(object sender, EventArgs e)
{
// 在出现未处理的错误时运行的代码
}
void Session_Start(object sender, EventArgs e)
{
// 在新会话启动时运行的代码
}
void Session_End(object sender, EventArgs e)
{
// 在会话结束时运行的代码。
// 注意: 只有在 Web.config 文件中的 sessionstate 模式设置为
// InProc 时,才会引发 Session_End 事件。如果会话模式设置为 StateServer
// 或 SQLServer,则不会引发该事件。
}
/// <summary>
/// 当有数据时交时,触发事件
/// </summary>
/// <param name="sender"> </param>
/// <param name="e"> </param>
protected void Application_BeginRequest(Object sender, EventArgs e)
{
//遍历Post参数,隐藏域除外
foreach (string i in this.Request.Form)
{
if (i == "__VIEWSTATE") continue;
this.sqlSecurity(this.Request.Form[i].ToString());
}
//遍历Get参数。
foreach (string i in this.Request.QueryString)
{
this.sqlSecurity(this.Request.QueryString[i].ToString());
}
}
protected void sqlSecurity(string str)
{
string[] ary = new string[]{"'","and","exec","insert","select","delete","update","count","*","%","chr","mid","master","truncate","char","declare","cmd","or","truncate","/>","--"};
string[] strary = str.Split(' ');
foreach(string str_temp in ary)
{
foreach (string strary_temp in strary)
{
if (strary_temp.Trim() == str_temp)
{
Response.Write("<script>window.alert('参数存在不安全字符');"+"</"+"script>");
Response.Write("<script>history.go(-1);"+"</"+"script>");
Response.End();
}
}
}
}
</script>
