SQL注入式攻击代码分析#region SQL注入式攻击代码分析
    /**////  <summary>
    /// 处理用户提交的请求
    ///  </summary>
    private void StartProcessRequest()
    {
      
            string getkeys = "";
            string sqlErrorPage = "web_error.aspx";//转向的错误提示页面
        if (System.Web.HttpContext.Current.Request.QueryString != null)
        {

            for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
            {
                getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
                {
                    //System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage + "?code=1&str=" + System.Web.HttpContext.Current.Request.QueryString[getkeys]);
                    System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage + "?code=1&str=InvalidRequest");
                    return;
                    //System.Web.HttpContext.Current.Response.End();
                }
            }
        }
          
    }
    /**////  <summary>
    /// 分析用户请求是否正常
    ///  </summary>
    ///  <param name="Str">传入用户提交数据 </param>
    ///  <returns>返回是否含有SQL注入式攻击代码 </returns>
    private bool ProcessSqlStr(string Str)
    {
        bool ReturnValue = true;
        try
        {
            if (Str.Trim() != "")
            {
                string SqlStr = "and ¦exec ¦insert ¦select ¦delete ¦update ¦count ¦*  ¦' ¦chr ¦mid ¦master ¦truncate ¦char ¦declare";

                string[] anySqlStr = SqlStr.Split('¦');
                foreach (string ss in anySqlStr)
                {
                    if (Str.ToLower().IndexOf(ss.Trim()) >= 0)
                    {
                        ReturnValue = false;
                        break;
                    }
                }
            }
        }
        catch
        {
            ReturnValue = false;
        }
        return ReturnValue;
    }
    #endregion