
mysql数据库恶意代码注入的清理


using System;
using System.Data;
using System.Data.SqlClient;

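/// <summary>
/// Maintenance page that strips a known injected string out of one text column:
/// it reads every row of the chosen table, replaces the unwanted string in memory,
/// and writes the changed rows back.
/// </summary>
/// <remarks>
/// The code uses System.Data.SqlClient, so it connects to SQL Server.
/// This only removes the injected content; the flaw that allowed the injection still
/// has to be fixed separately, and the table should be backed up before running.
/// NOTE(review): no authentication or authorization check is visible in this class,
/// yet the page accepts database credentials and rewrites a whole table. Confirm that
/// access to the page is restricted before it is deployed.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Form values captured on each click and shared with execTheRe.
    string dataName = "";   // database name
    string tableName = "";  // table name
    string datafield = "";  // column to clean
    string S_str = "";      // string to remove
    string ReS_str = "";    // replacement string
    string LogName = "";    // database login name
    string LogPsw = "";     // database login password

    /// <summary>
    /// Reads the form, cleans the chosen column in memory and writes the changed rows back.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        dataName = txtDb.Text.Trim();
        tableName = txtTb.Text.Trim();
        datafield = txtField.Text.Trim();
        S_str = txtTheStr.Text.Trim();
        ReS_str = txtStr.Text.Trim();
        LogName = txtLogName.Text.Trim();
        LogPsw = txtLogPsw.Text.Trim();

        // Table and column names cannot be sent as SQL parameters, so they are
        // checked against an allow-list before being placed in the statement.
        if (!IsSafeIdentifier(tableName) || !IsSafeIdentifier(datafield))
        {
            Response.Write("Invalid table or column name.");
            return;
        }

        // string.Replace throws on an empty search string; reject it up front.
        if (S_str.Length == 0)
        {
            Response.Write("The string to remove must not be empty.");
            return;
        }

        try
        {
            // In-memory table holding only the rows that actually changed.
            DataTable myTempTb = new DataTable();
            myTempTb.Columns.Add("Id");
            myTempTb.Columns.Add("Content");

            // using blocks release the reader and the connection even when a query fails.
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandText = "select ID," + QuoteIdentifier(datafield)
                    + " from " + QuoteIdentifier(tableName);
                con.Open();
                using (SqlDataReader dr = com.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        // Leave NULLs alone; writing them back would turn them into "".
                        if (dr.IsDBNull(1))
                        {
                            continue;
                        }

                        string before = dr[1].ToString();
                        string after = before.Replace(S_str, ReS_str);

                        // Rows that do not contain the string need no update.
                        if (after == before)
                        {
                            continue;
                        }

                        myTempTb.Rows.Add(new object[] { dr[0].ToString(), after });
                    }
                }
            }

            // Write back. Each row is indexed by i; the listing as published read
            // Rows[0] and Rows[1] on every pass, which yields the DataRow type name
            // instead of the stored values.
            for (int i = 0; i < myTempTb.Rows.Count; i++)
            {
                DataRow row = myTempTb.Rows[i];
                execTheRe(row["Id"].ToString(), row["Content"].ToString());
            }

            Response.Write("Cleanup finished. Rows updated: " + myTempTb.Rows.Count);
        }
        catch (Exception ex)
        {
            // Keep the details in the server-side trace; the page gets a generic
            // message so database errors are not exposed to the browser.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            Response.Write("Cleanup failed. See the server trace log for details.");
        }
    }

    /// <summary>
    /// Writes the cleaned content back to the row with the given ID.
    /// </summary>
    /// <param name="id">Value of the ID column, as read from the table.</param>
    /// <param name="content">Cleaned text to store in the column.</param>
    /// <remarks>
    /// Failures propagate to the caller so that a failed update is not reported as success.
    /// </remarks>
    private void execTheRe(string id, string content)
    {
        using (SqlConnection con = new SqlConnection(BuildConnectionString()))
        using (SqlCommand com = con.CreateCommand())
        {
            // Both values are bound as parameters. The ID comes from the database,
            // but stored data is not trusted either, so it is never concatenated.
            com.CommandText = "update " + QuoteIdentifier(tableName)
                + " set " + QuoteIdentifier(datafield) + "=@content where ID=@id";

            // NOTE(review): SqlDbType.Text is a non-Unicode type; if the column is
            // nvarchar/ntext, confirm that this parameter type does not alter the text.
            SqlParameter myPar = new SqlParameter("@content", SqlDbType.Text);
            myPar.Value = content;
            com.Parameters.Add(myPar);
            com.Parameters.AddWithValue("@id", id);

            con.Open();
            com.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Builds the connection string from the form values. The builder escapes each
    /// value, so text typed into the form cannot add or override connection keywords.
    /// </summary>
    private string BuildConnectionString()
    {
        SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
        builder.DataSource = "localhost";
        builder.InitialCatalog = dataName;
        builder.UserID = LogName;
        builder.Password = LogPsw;
        return builder.ConnectionString;
    }

    /// <summary>
    /// Returns true when the name is made of dot-separated parts that contain only
    /// letters, digits and underscores (for example "dbo.articles").
    /// </summary>
    private static bool IsSafeIdentifier(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            return false;
        }

        foreach (string part in name.Split('.'))
        {
            if (part.Length == 0)
            {
                return false;
            }

            foreach (char c in part)
            {
                if (!char.IsLetterOrDigit(c) && c != '_')
                {
                    return false;
                }
            }
        }

        return true;
    }

    /// <summary>
    /// Wraps each part of an identifier that passed IsSafeIdentifier in square brackets.
    /// </summary>
    private static string QuoteIdentifier(string name)
    {
        return "[" + string.Join("].[", name.Split('.')) + "]";
    }
}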




转载请注明:梦寻天涯的博客 » mysql数据库恶意代码注入的清理
