/// Web请求安全类
///</summary>
publicclass RequestKeeper
{
///<summary>
/// 获取查询字符串字符值
///</summary>
///<param name="key"></param>
///<returns></returns>
publicstaticstring GetQuerryString(string key)
{
string s = GetQuerry(key);
return InputText(s);
}
///<summary>
///获取查询字符串数字值
///</summary>
///<param name="key"></param>
///<returns></returns>
publicstaticint GetQuerryInt(string key)
{
int i =0;
int.TryParse(GetQuerryString(key), out i);
return i;
}
#region Utilities
privatestaticstring GetQuerry(string key)
{
string s ="";
if (System.Web.HttpContext.Current.Request.QueryString[key] !=null)
{
s = System.Web.HttpContext.Current.Request.QueryString[key];
}
return s;
}
#endregion
///<summary>
/// 获取表单字符值
///</summary>
///<param name="strText"></param>
///<returns></returns>
publicstaticstring GetFormString(string strText)
{
return InputText(strText);
}
///<summary>
/// 获取表单数字值
///</summary>
///<param name="strText"></param>
///<returns></returns>
publicstaticint GetFormInt(string strText)
{
strText = GetFormString(strText);
int i =0;
int.TryParse(strText, out i);
return i;
}
#region Utilities
///<summary>
/// 验证是否为正整数
///</summary>
///<param name="str"></param>
///<returns></returns>
publicstaticbool IsInt(string str)
{
return Regex.IsMatch(str, @"^[0-9]*$");
}
///<summary>
/// 验证是否为日期格式的字符串
///</summary>
///<param name="str"></param>
///<returns></returns>
publicstaticbool IsDateString(string str)
{
return Regex.IsMatch(str, @"(\d{4})-(\d{1,2})-(\d{1,2})");
}
///<summary>
/// 返回 HTML 字符串的编码结果
///</summary>
///<param name="str">字符串</param>
///<returns>编码结果</returns>
publicstaticstring HtmlEncode(string str)
{
return HttpUtility.HtmlEncode(str);
}
///<summary>
/// 返回 HTML 字符串的解码结果
///</summary>
///<param name="str">字符串</param>
///<returns>解码结果</returns>
publicstaticstring HtmlDecode(string str)
{
return HttpUtility.HtmlDecode(str);
}
///<summary>
/// 返回 URL 字符串的编码结果
///</summary>
///<param name="str">字符串</param>
///<returns>编码结果</returns>
publicstaticstring UrlEncode(string str)
{
return HttpUtility.UrlEncode(str);
}
///<summary>
/// 返回 URL 字符串的编码结果
///</summary>
///<param name="str">字符串</param>
///<returns>解码结果</returns>
publicstaticstring UrlDecode(string str)
{
return HttpUtility.UrlDecode(str);
}
///<summary>
/// HH:mm:ss
///</summary>
///<returns>日期字符串</returns>
publicstaticstring GetTime()
{
return GetDateTime("HH:mm:ss", null);
}
///<summary>
/// yyyy-MM-dd
///</summary>
///<returns>日期字符串</returns>
publicstaticstring GetDate()
{
return GetDateTime("yyyy-MM-dd", null);
}
///<summary>
/// yyyy-MM-dd HH:mm:ss
///</summary>
///<returns>日期字符串</returns>
publicstaticstring GetDateTime()
{
return GetDateTime("yyyy-MM-dd HH:mm:ss", null);
}
///<summary>
/// yyyy-MM-dd HH:mm:ss
///</summary>
///<param name="adddays">需要增加的天数</param>
///<returns>日期字符串</returns>
publicstaticstring GetDateTime(int adddays)
{
return DateTime.Now.AddDays(adddays).ToString("yyyy-MM-dd HH:mm:ss");
}
///<summary>
/// 自定义日期
///</summary>
///<param name="formats">日期格式 如:yyyy-MM-dd</param>
///<param name="defaultd">默认日期 如:2010-10-10</param>
///<returns>日期字符串</returns>
publicstaticstring GetDateTime(string formats, string defaultd)
{
if (string.IsNullOrEmpty(formats)) { formats ="yyyy-MM-dd"; }
if (string.IsNullOrEmpty(defaultd)) { defaultd = DateTime.Now.ToString("yyyy-MM-dd"); }
string d ="";
try
{
d = DateTime.Now.ToString(formats);
}
catch (FormatException e)
{
d = Convert.ToDateTime(defaultd).ToString("yyyy-MM-dd");
}
return d;
}
///<summary>
/// 清除所有脚本
///</summary>
///<param name="inputText"></param>
///<returns></returns>
privatestaticstring InputText(string inputText)
{
if (inputText ==null) return"";
inputText = Regex.Replace(inputText, "[\\s]{2,}", "");
inputText = Regex.Replace(inputText, "(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)", "\n");
inputText = Regex.Replace(inputText, "(\\s*&[n|N][b|B][s|S][p|P];\\s*)+", "");
inputText = Regex.Replace(inputText, "<(.|\\n)*?>", "");
inputText = inputText.Replace("'", "''");
return Filter(inputText);
}
///<summary>
///<summary>
/// 过滤危险字符
///</summary>
///<param name="input"></param>
///<returns></returns>
publicstaticstring Filter(string input)
{
if ((input ==null) || (input ==""))
{
returnnull;
}
string p =@"exec[\s]{1,}|insert[\s]{1,}into[\s]{1,}|select[\s\S]{1,}from|delete[\s]{1,}|update[\s]{1,}|truncate[\s]{1,}table|--";
MatchCollection matches = Regex.Matches(input, p, RegexOptions.IgnoreCase);
foreach (Match m in matches)
{
input = input.Replace(m.Value, "");
}
return input;
}
#endregion
}
喜欢 
顶
难过
囧
围观
无聊
