using System;
using System.Text.RegularExpressions;
using System.Web;
namespace FSqlKeyWord
{
/**//**//**//// <summary>
/// SqlKey 的摘要说明。
/// </summary>
public class SqlKey
{
private HttpRequest request;
//private const string StrKeyWord = @"select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";
//string StrKeyWord1 = @"(like|and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join)".Replace("|",")|(");
private const string StrKeyWord = @"( like | and | exec |insert|select|delete|update|chr|mid|master| or |truncate|char|declare|join|exec master|xp_cmdshell|net user|systypes|sysobjects)";
//private const string StrRegex = @"([-|;|,|/|(|)|[|]|}|{|%|@|*|!|'])";
private const string StrRegex = @"--|'|@|!";
public SqlKey(System.Web.HttpRequest _request)
{
//
// TODO: 在此处添加构造函数逻辑
//
this.request = _request;
}
public SqlKey()
{
//
// TODO: 在此处添加构造函数逻辑
//
//this.request = _request;
}
/**//**//**//// <summary>
/// 只读属性 SQL关键字
/// </summary>
public static string KeyWord
{
get
{
return StrKeyWord;
}
}
/**//**//**//// <summary>
/// 只读属性过滤特殊字符
/// </summary>
public static string RegexString
{
get
{
return StrRegex;
}
}
/**//**//**//// <summary>
/// 检查URL参数中是否带有SQL注入可能关键字。
/// </summary>
/// <param na
