.net sql防注入代码
//返回 return handler;}
//过滤TextBox、Input和Textarea中的特殊字符
void FilterStrFactoryHandler_PreLoad(object sender, EventArgs e)
{
try
{
Page page = sender as Page;
NameValueCollection postData = page.Request.Form;
foreach (string postKey in postData)
{
Control ctl = page.FindControl(postKey);
if (ctl as TextBox != null)
{
((TextBox)ctl).Text = Common.InputText(((TextBox)ctl).Text);
continue;
}
if (ctl as HtmlInputControl != null)
{
((HtmlInputControl)ctl).Value = Common.InputText(((HtmlInputControl)ctl).Value);
continue;
}
if (ctl as HtmlTextArea != null)
{
((HtmlTextArea)ctl).Value = Common.InputText(((HtmlTextArea)ctl).Value);
continue;
}
}
}
catch { }
}
页:
[1]