CloudComputingFinalProject/QZRequest.cs

using System;
using System.Text;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Text.RegularExpressions;

namespace basic
{
    /// <summary>
    /// QZRequest 的摘要说明
    /// </summary>
    public class QZRequest
    {
        /// <summary>
        /// 获得指定Url参数的值
        /// </summary>
        /// <param name="strName">Url参数</param>
        /// <returns>Url参数的值</returns>
        public static string GetQueryString(string strName)
        {
            return GetString(strName);
        }
        /// <summary>
        /// 获得指定Url参数的值 转换为int
        /// </summary>
        /// <param name="strName">参数</param>
        /// <param name="intDefault">默认值</param>
        public static int GetQueryInt(string strName, int intDefault)
        {
            int Int = intDefault;
            if (HttpContext.Current.Request.QueryString[strName] == null)
            {
                Int = intDefault;
            }
            else
            {
                try
                {
                    Int = Int32.Parse(HttpContext.Current.Request.QueryString[strName]);
                }
                catch
                {
                    Int = intDefault;
                }
            }
            return Int;
        }
        /// <summary>
        /// 获得指定Url参数的值
        /// </summary> 
        /// <param name="strName">Url参数</param>
        /// <param name="sqlSafeCheck">是否进行SQL安全检查</param>
        /// <returns>Url参数的值</returns>
        private static string GetString(string strName)
        {
            if (HttpContext.Current.Request.QueryString[strName] == null)
            {
                return "";
            }
            bool bol = true;
            bol = IsSafeString(HttpContext.Current.Request.QueryString[strName]);
            if (!bol)
            {
                return "";
            }
            return HttpContext.Current.Request.QueryString[strName];
        }
        // 检查危险字符
        private static bool IsSafeString(string Str)
        {
            string SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare";
            bool ReturnValue = true;
            try
            {
                if (Str != "")
                {
                    string[] anySqlStr = SqlStr.Split('|');
                    foreach (string ss in anySqlStr)
                    {
                        if (Str.IndexOf(ss) >= 0)
                        {
                            ReturnValue = false;
                            break;
                        }
                    }
                }
            }
            catch
            {
                ReturnValue = false;
            }
            return ReturnValue;
        }
    }
}