
在CSDN上看到的一个过滤方法,感觉还不错

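/// <summary>
/// Replaces every case-insensitive occurrence of <paramref name="oldstr"/> in
/// <paramref name="s"/> with <paramref name="newstr"/>.
/// </summary>
/// <param name="s">Source string; null or empty yields "".</param>
/// <param name="oldstr">Sensitive word to look for, matched ignoring case (ordinal).
/// Null or empty leaves <paramref name="s"/> unchanged.</param>
/// <param name="newstr">Replacement text; null is treated as "".</param>
/// <returns>The rewritten string.</returns>
private string ChangeSubStr(string s, string oldstr, string newstr)
{
    if (string.IsNullOrEmpty(s))
        return "";
    // An empty needle matches at every index and would never terminate; there is nothing to replace.
    if (string.IsNullOrEmpty(oldstr))
        return s;
    newstr = newstr ?? "";

    var result = new System.Text.StringBuilder(s.Length);
    int start = 0;
    // Ordinal, case-insensitive search replaces the ToLower()+IndexOf pair, which was
    // culture-sensitive and lowered only the haystack (an upper-case needle never matched).
    int i = s.IndexOf(oldstr, start, StringComparison.OrdinalIgnoreCase);
    while (i != -1)
    {
        result.Append(s, start, i - start).Append(newstr);
        start = i + oldstr.Length;
        // Resume after the match instead of rescanning from 0: when newstr still contains
        // oldstr (e.g. the two are identical) the rescan found the same spot forever.
        i = s.IndexOf(oldstr, start, StringComparison.OrdinalIgnoreCase);
    }
    result.Append(s, start, s.Length - start);
    return result.ToString();
}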

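/// <summary>
/// Blacklist filter that rewrites SQL meta-characters and keywords found in the
/// request's form fields, query string and cookies before the page reads them.
/// </summary>
/// <remarks>
/// Keyword blacklisting is not a substitute for parameterized queries: it only
/// narrows exposure and also mangles legitimate input (an apostrophe in a surname,
/// the word "select" in free text). The request collections are read-only, so the
/// non-public IsReadOnly property of the base collection is toggled via reflection.
/// </remarks>
/// <param name="Request">Request whose Form, QueryString and Cookies are rewritten in place.</param>
/// <param name="Response">Response that receives each (possibly rewritten) cookie.</param>
/// <exception cref="InvalidOperationException">The non-public IsReadOnly property could not be located.</exception>
private void CheckForSQLs(HttpRequest Request, HttpResponse Response)
{
    string[] sql = new string[] { "/*", "*/", "--", "'", "declare", "select", "into", "insert", "update", "delete", "drop", "create", "exec", "master" };
    // NOTE(review): as transcribed, sqlc[3..13] are identical to sql[3..13], so those
    // replacements are no-ops; the source likely used full-width look-alike characters — confirm.
    string[] sqlc = new string[] { "/ *", "* /", "- -", "'", "declare", "select", "into", "insert", "update", "delete", "drop", "create", "exec", "master" };

    // Form
    SanitizeCollection(Request.Form, sql, sqlc);

    // QueryString
    SanitizeCollection(Request.QueryString, sql, sqlc);

    // Cookies: each cookie's sub-values are rewritten, then the cookie is echoed back.
    for (int k = 0; k < Request.Cookies.Count; k++)
    {
        HttpCookie c = Request.Cookies[k];
        SanitizeCollection(c.Values, sql, sqlc);
        Response.Cookies.Set(c);
    }
}

/// <summary>
/// Applies <see cref="ChangeSubStr"/> for every (sql[j], sqlc[j]) pair to each value of a
/// read-only request collection, temporarily unlocking it through reflection.
/// </summary>
/// <param name="values">Form, QueryString or cookie sub-value collection; null or empty is a no-op.</param>
/// <param name="sql">Patterns to look for.</param>
/// <param name="sqlc">Replacement for each pattern, same length as <paramref name="sql"/>.</param>
/// <exception cref="InvalidOperationException">The non-public IsReadOnly property could not be located.</exception>
private void SanitizeCollection(System.Collections.Specialized.NameValueCollection values, string[] sql, string[] sqlc)
{
    if (values == null || values.Count == 0)
        return;

    // NameValueCollection offers no public way to unlock a read-only instance, so the
    // non-public IsReadOnly setter of the base class is used. Fail loudly rather than
    // with a NullReferenceException if a framework change removes it.
    Type type = typeof(System.Collections.Specialized.NameObjectCollectionBase);
    PropertyInfo pi = type.GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
    if (pi == null)
        throw new InvalidOperationException("NameObjectCollectionBase.IsReadOnly is not accessible; request values were not filtered.");

    pi.SetValue(values, false, null);
    try
    {
        for (int i = 0; i < values.Count; i++)
        {
            string s = values[i];
            for (int j = 0; j < sql.Length; j++)
                s = ChangeSubStr(s, sql[j], sqlc[j]);
            values.Set(values.GetKey(i), s);
        }
    }
    finally
    {
        // Always re-lock the collection, even if a replacement throws.
        pi.SetValue(values, true, null);
    }
}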