This article example describes the method of C# to verify whether the user input information contains dangerous strings. Share it for your reference. The specific analysis is as follows:
This C# function can be used for back-end verification of form input data, and determine whether the user has submitted some dangerous injected characters related to SQL.
/// <summary>
/// Check whether the string entered by the client is valid and modify the original string to a valid string or an empty string/// When an offensive and dangerous string is detected in the client's input, it returns false and returns true effectively./// </summary>
/// <param name="input">String to be detected</param>public static bool IsValidInput(ref string input)
{
try
{
if (IsNullOrEmpty(input))
{
//If it is a null value, it will jump out return true;
}
else
{
//Replace single quotes input = ("'", "''").Trim();
//Detection of aggressive hazard string string testString = "and |or |exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare ";
string[] testArray = ('|');
foreach (string testStr in testArray)
{
if (().IndexOf(testStr) != -1)
{
//Attack string is detected and clear the passed value input = "";
return false;
}
}
//The attack string was not detected return true;
}
}
catch (Exception ex)
{
throw new Exception();
}
}
I hope this article will be helpful to everyone's C# programming.