.net基础问题

string sqlstr = @"select BranchCode,BranchName from t_sys_Branch where Jglx_DataDm='{0}' and IsVisible=1";
sqlstr = string.Format(sqlstr, departType);

上述代码运行之后 sqlstr="select BranchCode,BranchName from t_sys_Branch where Jglx_DataDm='departType的值' and IsVisible=1"

用于给字符串中的参数赋值

登录时采用form认证保证用户密码安全，对字符串strPassword进行MD5加密

FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword,"MD5");

防止sql注入的情况

sql注入：利用sql关键字对网站进行攻击，防止：过滤关键字  代码有待修改

//防止SQL注入==========================================================================================
//SQL防注入
string Sql_1 = "exec|insert+|select+|delete|update|count|chr|mid|master+|truncate|char|declare|drop+|drop+table|creat+|creat+table";
string Sql_2 = "exec+|insert+|delete+|update+|count(|count+|chr+|+mid(|+mid+|+master+|truncate+|char+|+char(|declare+|drop+|creat+|drop+table|creat+table";
string[] sql_c = Sql_1.Split('|');
string[] sql_c1 = Sql_2.Split('|');

if (Request.QueryString != null)
{
foreach (string sl in sql_c)
{
if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0)
{
Response.Write("警告！你的IP已经被记录!");//吓唬人的
Response.Write(sl);
Response.Write(Request.QueryString.ToString());
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.F
//orms.MessageBoxButtons.OK,System.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
break;
}
}
}

if (Request.Form.Count > 0)
{

string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
if (Request.ServerVariables["HTTP_REFERER"] != null)
{
string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
string s3 = "";
if (s1.Length > (s2.Length - 7))
{
s3 = s2.Substring(7);
}
else
{
s3 = s2.Substring(7, s1.Length);
}
if (s3 != s1)
{
Response.Write("你的IP已被记录！警告！");//吓人的
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.Forms.MessageBoxButtons.OK,Sy
//stem.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
}
}
}