|
@ -1,98 +0,0 @@ |
|
|
using System; |
|
|
|
|
|
using System.Text; |
|
|
|
|
|
using System.Collections.Generic; |
|
|
|
|
|
using System.Web; |
|
|
|
|
|
using System.Web.UI; |
|
|
|
|
|
using System.Web.UI.WebControls; |
|
|
|
|
|
using System.Data; |
|
|
|
|
|
using System.Text.RegularExpressions; |
|
|
|
|
|
|
|
|
|
|
|
namespace basic |
|
|
|
|
|
{ |
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// QZRequest 的摘要说明
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
public class QZRequest |
|
|
|
|
|
{ |
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 获得指定Url参数的值
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="strName">Url参数</param>
|
|
|
|
|
|
/// <returns>Url参数的值</returns>
|
|
|
|
|
|
public static string GetQueryString(string strName) |
|
|
|
|
|
{ |
|
|
|
|
|
return GetString(strName); |
|
|
|
|
|
} |
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 获得指定Url参数的值 转换为int
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="strName">参数</param>
|
|
|
|
|
|
/// <param name="intDefault">默认值</param>
|
|
|
|
|
|
public static int GetQueryInt(string strName, int intDefault) |
|
|
|
|
|
{ |
|
|
|
|
|
int Int = intDefault; |
|
|
|
|
|
if (HttpContext.Current.Request.QueryString[strName] == null) |
|
|
|
|
|
{ |
|
|
|
|
|
Int = intDefault; |
|
|
|
|
|
} |
|
|
|
|
|
else |
|
|
|
|
|
{ |
|
|
|
|
|
try |
|
|
|
|
|
{ |
|
|
|
|
|
Int = Int32.Parse(HttpContext.Current.Request.QueryString[strName]); |
|
|
|
|
|
} |
|
|
|
|
|
catch |
|
|
|
|
|
{ |
|
|
|
|
|
Int = intDefault; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
return Int; |
|
|
|
|
|
} |
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// 获得指定Url参数的值
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="strName">Url参数</param>
|
|
|
|
|
|
/// <param name="sqlSafeCheck">是否进行SQL安全检查</param>
|
|
|
|
|
|
/// <returns>Url参数的值</returns>
|
|
|
|
|
|
private static string GetString(string strName) |
|
|
|
|
|
{ |
|
|
|
|
|
if (HttpContext.Current.Request.QueryString[strName] == null) |
|
|
|
|
|
{ |
|
|
|
|
|
return ""; |
|
|
|
|
|
} |
|
|
|
|
|
bool bol = true; |
|
|
|
|
|
bol = IsSafeString(HttpContext.Current.Request.QueryString[strName]); |
|
|
|
|
|
if (!bol) |
|
|
|
|
|
{ |
|
|
|
|
|
return ""; |
|
|
|
|
|
} |
|
|
|
|
|
return HttpContext.Current.Request.QueryString[strName]; |
|
|
|
|
|
} |
|
|
|
|
|
// 检查危险字符
|
|
|
|
|
|
private static bool IsSafeString(string Str) |
|
|
|
|
|
{ |
|
|
|
|
|
string SqlStr = "'|and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare"; |
|
|
|
|
|
bool ReturnValue = true; |
|
|
|
|
|
try |
|
|
|
|
|
{ |
|
|
|
|
|
if (Str != "") |
|
|
|
|
|
{ |
|
|
|
|
|
string[] anySqlStr = SqlStr.Split('|'); |
|
|
|
|
|
foreach (string ss in anySqlStr) |
|
|
|
|
|
{ |
|
|
|
|
|
if (Str.IndexOf(ss) >= 0) |
|
|
|
|
|
{ |
|
|
|
|
|
ReturnValue = false; |
|
|
|
|
|
break; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
catch |
|
|
|
|
|
{ |
|
|
|
|
|
ReturnValue = false; |
|
|
|
|
|
} |
|
|
|
|
|
return ReturnValue; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|