SQL注入拦截

fe3a1bb6 · ruyun.zhang · 4b05f152 · fe3a1bb6
Commit fe3a1bb6 authored Jun 08, 2023 by ruyun.zhang
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

performance/Performance.Api/Filters/AntiSqlInjectFilter.cs
+2 -2

No files found.
--- a/performance/Performance.Api/Filters/AntiSqlInjectFilter.cs
+++ b/performance/Performance.Api/Filters/AntiSqlInjectFilter.cs
@@ -27,7 +27,7 @@ public class AntiSqlInject
        /// </summary>
        static AntiSqlInject()
        {
-            SqlKeywordsArray.AddRange(SqlSeparatKeywords.Split('|'));
+            //SqlKeywordsArray.AddRange(SqlSeparatKeywords.Split('|'));
            SqlKeywordsArray.AddRange(Array.ConvertAll(SqlCommandKeywords.Split('|'), h => h + " "));
            SqlKeywordsArray.AddRange(Array.ConvertAll(SqlCommandKeywords.Split('|'), h => " " + h));
        }
@@ -39,7 +39,7 @@ static AntiSqlInject()
        //private static string StrSymbol = ";|(|)|[|]|{|}|%|@|*|'|!";
        private const string SqlCommandKeywords = "*|and|asc(|by|char|char(|chr|column_name|count|count(|create|declare|delete|drop|drop table|exec|execute|from|grant|group_concat|having|information_schema.columns|insert|like|master|mid|mid(|net local group administrators|net user|or|orderhaving|select|sitename|table|table_schema|truncate|union|update|use|where|xp_cmdshell";
-        private const string SqlSeparatKeywords = "--|;|!|'|\"|(|)|[|]|{|}|*|/*|#|%";
+        //private const string SqlSeparatKeywords = "--|;|!|'|\"|(|)|[|]|{|}|*|/*|#|%";
        private static readonly List<string> SqlKeywordsArray = new List<string>();
        /// <summary>