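/// <summary>
/// Removes a fixed list of SQL keywords and metacharacters from <paramref name="WithBadChars"/>.
/// </summary>
/// <remarks>
/// This is keyword blacklisting, not a SQL-injection defense: the list is incomplete, every
/// match is also deleted from legitimate data (the apostrophe in "O'Brien", the "exec" inside
/// "executive"), and a query built by string concatenation stays injectable in ways the list
/// does not cover. The mitigation is to pass user input as SqlParameter values and never
/// concatenate it into SQL text; keep this method, at most, as a display-level clean-up.
/// Compared with the single sequential pass this replaces: matching is now case-insensitive
/// (so "SELECT" is removed as well as "select"), removal is repeated until a pass changes
/// nothing (so "sel;ect", which a single pass rebuilt into "select", is fully removed), and
/// null input returns "" instead of throwing NullReferenceException.
/// </remarks>
/// <param name="WithBadChars">Text to filter; null is treated as empty.</param>
/// <returns>The text with every listed token removed; "" for null or empty input.</returns>
public static string KillSqlInjectionWords(string WithBadChars)
{
    if (string.IsNullOrEmpty(WithBadChars))
    {
        return "";
    }

    string[] sqlInjectionKeywords = { "select", "drop", ";", "--", "insert", "delete", "xp_", "sp_", "exec", "'" };

    string current = WithBadChars;
    string previous;
    // Stripping one token can splice the remaining characters into another token
    // ("sel;ect" -> "select"), so loop until a full pass removes nothing. Every pass
    // that changes anything makes the string strictly shorter, so the loop terminates.
    do
    {
        previous = current;
        for (int i = 0; i < sqlInjectionKeywords.Length; i++)
        {
            // Regex.Escape keeps "--", ";" and "'" literal. CultureInvariant matters:
            // under the Turkish culture "INSERT" lower-cases with a dotless i and
            // would not match "insert".
            current = Regex.Replace(
                current,
                Regex.Escape(sqlInjectionKeywords[i]),
                "",
                RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
        }
    }
    while (current != previous);

    return current;
}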
/// <summary>
/// Walks <paramref name="parent"/> and its descendants: runs every TextBox's text through
/// <see cref="SqlKorunma.KillSqlInjectionWords"/>, unchecks every CheckBox and sets every
/// DropDownList to index 1. Controls that have children are recursed into, not modified.
/// </summary>
/// <remarks>
/// The keyword stripping applied to the text boxes is not a SQL-injection defense; the
/// queries that consume these values still need to receive them as SqlParameter values
/// rather than by string concatenation.
/// NOTE(review): index 1 is assumed to exist in every DropDownList reached here — confirm
/// against the pages that call this, since a list with fewer items may reject the assignment.
/// </remarks>
/// <param name="parent">Root of the control tree to process.</param>
private void SqlClear(Control parent)
{
    foreach (Control child in parent.Controls)
    {
        if (child.Controls.Count > 0)
        {
            // Containers are only descended into; leaves are the ones that get reset.
            SqlClear(child);
            continue;
        }

        TextBox textBox = child as TextBox;
        if (textBox != null)
        {
            textBox.Text = SqlKorunma.KillSqlInjectionWords(textBox.Text);
        }

        CheckBox checkBox = child as CheckBox;
        if (checkBox != null)
        {
            checkBox.Checked = false;
        }

        DropDownList dropDown = child as DropDownList;
        if (dropDown != null)
        {
            dropDown.SelectedIndex = 1;
        }
    }
}
}