lsm/SqlSugar
1
0
Fork 0
mirror of https://gitee.com/dotnetchina/SqlSugar.git synced 2025-09-20 02:29:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update checkfiled

Browse Source
This commit is contained in:
sunkaixuan
2023-07-04 13:40:39 +08:00
parent 06d282f802
commit a603f4e276
1 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
Src/Asp.Net/SqlSugar/Utilities/DbExtensions.cs
View File

@@ -72,19 +72,22 @@ namespace SqlSugar
{ {
throw new Exception($"{value} format error "); throw new Exception($"{value} format error ");
} }
else if (value.IsContainsIn("'")&&(value.Length- value.Replace("'","").Length)%2!=0) else if (value.IsContainsIn("'") && (value.Length - value.Replace("'", "").Length) % 2 != 0)
{ {
throw new Exception($"{value} format error "); throw new Exception($"{value} format error ");
} }
else if (value.ToLower().Contains("/update/") else if (IsUpdateSql(value,"/","/"))
|| value.ToLower().Contains("/delete/")
|| value.ToLower().Contains("/drop/")
|| value.ToLower().Contains("/alert/")
|| value.ToLower().Contains("/create/")
|| value.ToLower().Contains("/insert/"))
{ {
Check.ExceptionEasy($"{value} format error ", value + "不能存在 /+【update drop 等】+/ "); Check.ExceptionEasy($"{value} format error ", value + "不能存在 /+【update drop 等】+/ ");
} }
else if (IsUpdateSql(value, "/", " "))
{
Check.ExceptionEasy($"{value} format error ", value + "不能存在 /+【update drop 等】+空格 ");
}
else if (IsUpdateSql(value, " ", "/"))
{
Check.ExceptionEasy($"{value} format error ", value + "不能存在 空格+【update drop 等】+/ ");
}
else if (value.ToLower().Contains(" update ") else if (value.ToLower().Contains(" update ")
|| value.ToLower().Contains(" delete ") || value.ToLower().Contains(" delete ")
|| value.ToLower().Contains(" drop ") || value.ToLower().Contains(" drop ")
@@ -92,11 +95,22 @@ namespace SqlSugar
|| value.ToLower().Contains(" create ") || value.ToLower().Contains(" create ")
|| value.ToLower().Contains(" insert ")) || value.ToLower().Contains(" insert "))
{ {
Check.ExceptionEasy($"{value} format error ", value+ "不能存在 空格+【update drop 等】+空格 "); Check.ExceptionEasy($"{value} format error ", value + "不能存在 空格+【update drop 等】+空格 ");
} }
} }
return value; return value;
} }
private static bool IsUpdateSql(string value,string left ,string right)
{
return value.ToLower().Contains(left+"update"+right)
|| value.ToLower().Contains(left + "delete" + right)
|| value.ToLower().Contains(left + "drop" + right)
|| value.ToLower().Contains(left + "alert" + right)
|| value.ToLower().Contains(left + "create" + right)
|| value.ToLower().Contains(left + "insert" + right);
}
public static string ToCheckRegexW(this string value) public static string ToCheckRegexW(this string value)
{ {
if (Regex.IsMatch(value,@"^\w+$")) if (Regex.IsMatch(value,@"^\w+$"))