ASP.NET·ÀÖ¹SQL×¢È뺯Êý
ASP.NET·ÀÖ¹SQL×¢È뺯Êý:
using System;
using System.Text.RegularExpressions;
using System.Web;
namespace FSqlKeyWord
......{
/**//**//**//// <summary>
/// SqlKey µÄժҪ˵Ã÷¡£
/// </summary>
public class SqlKey
......{
private HttpRequest request;
private const string StrKeyWord = @"select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";
private const string StrRegex = @"[-|;|,|/|(|)|[|]|}|{|%|@|*|!|']";
public SqlKey(System.Web.HttpRequest _request)
......{
//
// TODO: ÔÚ´Ë´¦Ìí¼Ó¹¹Ô캯ÊýÂß¼
//
this.request = _request;
}
/**//**//**//// <summary>
/// Ö»¶ÁÊôÐÔ SQL¹Ø¼ü×Ö
/// </summary>
public static string KeyWord
......{
get
......{
return StrKeyWord;
}
}
&nbs
Ïà¹ØÎĵµ£º
Ê×Ò³£º
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head ......
±ístuinfo£¬ÓÐÈý¸ö×Ö¶Îrecno(×ÔÔö),stuid,stuname
½¨¸Ã±íµÄSqlÓï¾äÈçÏ£º
CREATE TABLE [StuInfo] (
[recno] [int] IDENTITY (1, 1) NOT NULL ,
[stuid] [varchar] (10) COLLATE Chinese_PRC_CI_AS NOT NULL ,
[stuname] [varchar] (10) COLLATE Chinese_PRC_CI_AS NOT NULL
) ON [PRIMARY]
GO
1.--²éijһÁ ......
/// <summary>
/// ·µ»Ø·ÖÒ³SQLÓï¾ä
/// </summary>
/// <param name="selectSql">²éѯSQLÓï¾ä</param>
/// ......
ÈÕÆÚת»¯Ò»
ΪÁË´ïµ½²»Í¬µÄÏÔʾЧ¹ûÓÐʱ£¬ÎÒÃÇÐèÒª¶Ôʱ¼ä½øÐÐת»¯£¬Ä¬ÈϸñʽΪ£º2007-01-03 14:33:34 £¬Òª×ª»¯ÎªÆäËû¸ñʽ£¬ÒªÓõ½DateTime.ToStringµÄ·½·¨(String, IFormatProvider)£¬ÈçÏÂËùʾ£º
using System;
using System.Globalization;
String format="D";
DateTime date=DataTime,Now;
Response.Write(date.ToS ......
1. ´ò¿ªÐµĴ°¿Ú²¢´«ËͲÎÊý£º
´«ËͲÎÊý£º
response.write("£¼script£¾window.open('*.aspx?id="+this.DropDownList1.SelectIndex+"&id1="+...+"')£¼/script£¾")
½ÓÊÕ²ÎÊý£º
string a = Request.QueryString("id");
string b = Request.QueryString("id1");
2.Ϊ°´Å¥Ìí¼Ó¶Ô»°¿ò
Button1.Attribute ......
