ASP.NET·ÀÖ¹SQL×¢È뺯Êý:
using System;
using System.Text.RegularExpressions;
using System.Web;
namespace FSqlKeyWord
......{
/**//**//**//// <summary>
/// SqlKey µÄժҪ˵Ã÷¡£
/// </summary>
public class SqlKey
......{
private HttpRequest request;
private const string StrKeyWord = @"select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";
private const string StrRegex = @"[-|;|,|/|(|)|[|]|}|{|%|@|*|!|']";
public SqlKey(System.Web.HttpRequest _request)
......{
//
// TODO: ÔÚ´Ë´¦Ìí¼Ó¹¹Ô캯ÊýÂß¼
//
this.request = _request;
}
/**//**//**//// <summary>
/// Ö»¶ÁÊôÐÔ SQL¹Ø¼ü×Ö
/// </summary>
public static string KeyWord
......{
get
......{
return StrKeyWord;
}
}
&nbs
//private string datapatch = ConfigurationSettings.AppSettings["acessconn"];//Êý¾Ý¿âµØÖ·
private string datapatch = "db/global.asa";//Êý¾Ý¿âµØÖ·
///
/// È¡µÃdataset
//
/// ²éѯÓï¾ä
///
public DataSet GetDataSet(string Commandtext)
{&nbs ......
ÔÚweb configÖÐ ×÷ÈçÏÂÅäÖãº
<connectionStrings>
<add name="ydycon" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=|DataDirectory|ydy.mdb" providerName="System.Data.OleDb"/>
</connectionStrings>
ÔÚ.netÎļþÖÐÓ¦ÓÃÁ´½Ó ......
/// <summary>
/// ·µ»Ø·ÖÒ³SQLÓï¾ä
/// </summary>
/// <param name="selectSql">²éѯSQLÓï¾ä</param>
/// ......
