
mysql数据库恶意代码注入的清理

using System;
using System.Data;
using System.Data.SqlClient;

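public partial class _Default : System.Web.UI.Page
{
    // NOTE(review): the page title talks about MySQL, but this code-behind uses
    // System.Data.SqlClient, i.e. it talks to SQL Server.

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    // Values read from the form in Button1_Click and shared with execTheRe.
    string dataName = "";   // database name
    string tableName = "";  // table holding the injected content
    string datafield = "";  // column holding the injected content
    string S_str = "";      // substring to remove (the injected fragment)
    string ReS_str = "";    // text the fragment is replaced with (usually empty)
    string LogName = "";    // SQL login name
    string LogPsw = "";     // SQL login password

    /// <summary>
    /// Reads every row of <c>tableName</c>, replaces <c>S_str</c> with <c>ReS_str</c>
    /// in <c>datafield</c>, and writes each changed row back through execTheRe.
    /// Identifiers taken from the form cannot be parameterized, so they are
    /// restricted to plain identifier characters and bracket-quoted before being
    /// spliced into the SQL text; the row key and the new content are parameters.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        dataName = txtDb.Text.Trim();
        tableName = txtTb.Text.Trim();
        datafield = txtField.Text.Trim();
        S_str = txtTheStr.Text.Trim();
        ReS_str = txtStr.Text.Trim();
        LogName = txtLogName.Text.Trim();
        LogPsw = txtLogPsw.Text.Trim();

        // string.Replace throws on an empty search string, and a table/column name
        // with anything but identifier characters would not be safe to splice in.
        if (S_str.Length == 0 || !IsSafeIdentifier(tableName) || !IsSafeIdentifier(datafield))
        {
            Response.Write("Invalid input.");
            return;
        }

        // In-memory copy of (ID, cleaned content) so the reader is closed before
        // the per-row updates open their own connections.
        DataTable myTempTb = new DataTable();
        myTempTb.Columns.Add("Id");
        myTempTb.Columns.Add("Content");

        try
        {
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandText = "select [ID], [" + datafield + "] from [" + tableName + "]";
                con.Open();
                using (SqlDataReader dr = com.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        string id = dr[0].ToString();
                        string original = dr[1].ToString();
                        string cleaned = original.Replace(S_str, ReS_str);
                        // Only rows that actually contained the fragment need a write-back.
                        if (cleaned != original)
                        {
                            myTempTb.Rows.Add(new object[] { id, cleaned });
                        }
                    }
                }
            }

            // Write the cleaned values back; each DataRow is indexed by column,
            // not converted with ToString() (which would yield the type name).
            foreach (DataRow row in myTempTb.Rows)
            {
                execTheRe(row[0].ToString(), row[1].ToString());
            }
            Response.Write("Cleanup finished.");
        }
        catch (Exception)
        {
            // Deliberately no detail in the response: a raw SQL/connection error
            // message would expose server and schema information to the browser.
            Response.Write("Cleanup failed.");
        }
    }

    /// <summary>
    /// Updates one row: sets <c>datafield</c> of the row whose ID equals
    /// <paramref name="id"/> to <paramref name="content"/>. Both values are
    /// passed as parameters; the identifiers were validated by the caller.
    /// </summary>
    private void execTheRe(string id, string content)
    {
        try
        {
            using (SqlConnection con = new SqlConnection(BuildConnectionString()))
            using (SqlCommand com = con.CreateCommand())
            {
                com.CommandText = "update [" + tableName + "] set [" + datafield + "] = @content where [ID] = @id";
                com.Parameters.Add("@content", SqlDbType.Text).Value = content;
                com.Parameters.AddWithValue("@id", id);
                con.Open();
                com.ExecuteNonQuery();
            }
        }
        catch (Exception)
        {
            Response.Write("Row update failed.");
        }
    }

    /// <summary>
    /// Builds the connection string from the form values with
    /// <see cref="SqlConnectionStringBuilder"/>, which escapes the credentials
    /// instead of concatenating them into "server=...;UID=...;PassWord=...".
    /// </summary>
    private string BuildConnectionString()
    {
        SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
        builder.DataSource = "localhost";
        builder.InitialCatalog = dataName;
        builder.UserID = LogName;
        builder.Password = LogPsw;
        return builder.ConnectionString;
    }

    /// <summary>
    /// True when <paramref name="name"/> is non-empty, at most 128 characters
    /// (the SQL Server identifier limit) and consists only of letters, digits
    /// or underscores — so it cannot break out of a bracket-quoted identifier.
    /// </summary>
    private static bool IsSafeIdentifier(string name)
    {
        if (string.IsNullOrEmpty(name) || name.Length > 128)
        {
            return false;
        }
        foreach (char c in name)
        {
            if (!(char.IsLetterOrDigit(c) || c == '_'))
            {
                return false;
            }
        }
        return true;
    }
}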
