简单的正则表达式问题(C#、SQL Server)
我有一些正则表达式,它看起来像这样:
string regexForDrop = @"^((%27)|'|(\-\-))\s*(d|%64|%44)(r|%72|%52)(o|%6F|%4F)(p|%70|%50)$";
当我写入输入“--drop”时,它工作正常,但当我写入“drop table users”或类似内容时,它不起作用。我需要它能够正常工作,无论“--drop”之后发生什么。我怎样才能实现它?
谢谢
I have some Regex, it looks like this:
string regexForDrop = @"^((%27)|'|(\-\-))\s*(d|%64|%44)(r|%72|%52)(o|%6F|%4F)(p|%70|%50)$";
It works fine, when i write to the input "--drop", but it does not works, when i write "drop table users" or something like that. I need that it would be working, no matter what comes after "--drop". How i can implement that?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
看来你试图阻止 sql 注入攻击。为此,使用参数化查询,这样您就不需要检查注入。
好读:
http:// weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx
It seems you trying to prevent a sql injection attack. For this use Parameterized Queries this way you don't need to check for injections.
Good Read:
http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx
?或没有
$? or without the
$删除正则表达式末尾的“$”。 $ 匹配输入字符串的结尾。
Remove the '$' at the end of your regular expression. $ matches the end of the input string.