Preventing SQL injection during page navigation
First, write a SQL injection filter class:
public class SqlFilter
{
    #region SQL injection attack code analysis
    /// <summary>
    /// Processes the request submitted by the user
    /// </summary>
    public void StartProcessRequest()
    {
        string getkeys = "";
        string sqlErrorPage = "~/no.html"; // error page to redirect to
        try
        {
            // Check every value in the query string
            if (System.Web.HttpContext.Current.Request.QueryString != null)
            {
                for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
                {
                    getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                    if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
                    {
                        System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage, false);
                        System.Web.HttpContext.Current.ApplicationInstance.CompleteRequest();
                        //System.Web.HttpContext.Current.Response.End();
                        return; // stop checking once the redirect has been issued
                    }
                }
            }
            // Check every posted form field, skipping the ASP.NET view state
            if (System.Web.HttpContext.Current.Request.Form != null)
            {
                for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
                {
                    getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
                    if (getkeys == "__VIEWSTATE") continue;
                    if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
                    {
                        System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage, false);
                        System.Web.HttpContext.Current.ApplicationInstance.CompleteRequest();
                        //System.Web.HttpContext.Current.Response.End();
                        return; // stop checking once the redirect has been issued
                    }
                }
            }
        }
        catch (System.Exception)
        {
            // The listing is cut off before its catch block; rethrow so that
            // a failure inside the filter is not silently ignored.
            throw;
        }
    }
    // ProcessSqlStr, the check called above, is not shown in this listing.
    #endregion
}
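A request filter like the one above inspects input before the page runs; the query itself can also be written so that request values never become part of the SQL text. The following is an added example, not code from the original page: it validates a numeric parameter with an allow-list check and passes all values as typed parameters. The Products table, its columns and the BuildLookup helper are hypothetical, and the sample inputs are constructed.

```csharp
// Added example (not from the original page). Table, column and helper names are hypothetical.
using System;
using System.Data;
using System.Data.SqlClient;
public static class ParameterizedQueryDemo
{
    // Builds the command for a product lookup. The SQL text is a constant;
    // request values are attached only as typed parameters.
    public static SqlCommand BuildLookup(string rawId, string rawName)
    {
        // Allow-list validation: the id must parse as a positive integer.
        int id;
        if (!int.TryParse(rawId, out id) || id <= 0)
            throw new ArgumentException("id must be a positive integer");
        var cmd = new SqlCommand(
            "SELECT Id, Name FROM Products WHERE Id = @id OR Name = @name");
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        // Length-bounded string parameter; sent as data, never parsed as SQL.
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = rawName ?? "";
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample inputs, as they might arrive in Request.QueryString.
        string[][] samples =
        {
            new[] { "42", "O'Brien" },          // legitimate value containing a quote
            new[] { "42", "x' OR 'a'='a" },     // SQL-looking text stays a literal value
            new[] { "42 OR 1=1", "widget" },    // rejected by the integer check
        };
        foreach (var s in samples)
        {
            try
            {
                using (var cmd = BuildLookup(s[0], s[1]))
                {
                    Console.WriteLine(cmd.CommandText);
                    foreach (SqlParameter p in cmd.Parameters)
                        Console.WriteLine("  {0} = [{1}]", p.ParameterName, p.Value);
                }
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("rejected: " + ex.Message);
            }
        }
    }
}
```

The command text printed for every accepted sample is identical; only the parameter values differ, which is what keeps user input out of the statement the server parses.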