又被SQL注入了,有专家给了一段代码,但我看不懂,帮忙翻译下吧

又被SQL注入了,有专家给了一段代码,但我看不懂,帮忙翻译下吧 [已结贴,结贴人:HBJMSHOP]

HBJMSHOP
我是一只野兔
等级:
可用分等级：中农
总技术专家分：214
总技术专家分排名：59795
揭帖率：94.78%

发表于：2008-05-28 09:27:18 楼主

该语句有VB版的么,放在什么地方?
我不会用C#的,我全用VB.NET编的码,能帮忙翻译下吗,
我用http://labs.developerfusion.co.uk/convert/csharp-to-vb.aspx的功能翻译,报错

protected void Application_BeginRequest(Object sender, EventArgs e)
{
//SQL防注入
string Sql_1 = "exec ¦insert+ ¦select+ ¦delete ¦update ¦count ¦chr ¦mid ¦master+ ¦truncate ¦char ¦declare ¦drop+ ¦drop+table ¦creat+ ¦creat+table";
string Sql_2 = "exec+ ¦insert+ ¦delete+ ¦update+ ¦count( ¦count+ ¦chr+ ¦+mid( ¦+mid+ ¦+master+ ¦truncate+ ¦char+ ¦+char( ¦declare+ ¦drop+ ¦creat+ ¦drop+table ¦creat+table";
string[] sql_c = Sql_1.Split(' ¦');
string[] sql_c1 = Sql_2.Split(' ¦');

if (Request.QueryString != null)
{
foreach (string sl in sql_c)
{
if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0)
{
Response.Write("警告！你的IP已经被记录!");//
Response.Write(sl);
Response.Write(Request.QueryString.ToString());
Response.End();
break;
}
}
}

if (Request.Form.Count > 0)
{
string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
if (Request.ServerVariables["HTTP_REFERER"] != null)
{
string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
string s3 = "";
if (s1.Length > (s2.Length - 7))
{
s3 = s2.Substring(7);
}
else
{
s3 = s2.Substring(7, s1.Length);
}
if (s3 != s1)
{
Response.Write("你的IP已被记录！警告！");//
Response.End();
}
}
}
}

*/

问题点数：20 回复次数：16 修改删除举报引用回复

Protected Sub Application_BeginRequest(sender As [Object], e As EventArgs) 'SQL防注入 Dim Sql_1 As String = "exec ¦insert+ ¦select+ ¦delete ¦update ¦count ¦chr ¦mid ¦master+ ¦truncate ¦char ¦declare ¦drop+ ¦drop+table ¦creat+ ¦creat+table" Dim Sql_2 As String = "exec+ ¦insert+ ¦delete+ ¦update+ ¦count( ¦count+ ¦chr+ ¦+mid( ¦+mid+ ¦+master+ ¦truncate+ ¦char+ ¦+char( ¦declare+ ¦drop+ ¦creat+ ¦drop+table ¦creat+table" Dim sql_c As String() = Sql_1.Split("¦") Dim sql_c1 As String() = Sql_2.Split("¦") ' If Not (Request.QueryString Is Nothing) Then Dim sl As String For Each sl In sql_c If Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0 Then Response.Write("警告！你的IP已经被记录!") ' Response.Write(sl) Response.Write(Request.QueryString.ToString()) Response.End() Exit ForEach End If Next sl End If If Request.Form.Count > 0 Then Dim s1 As String = Request.ServerVariables("SERVER_NAME").Trim() '服务器名称 If Not (Request.ServerVariables("HTTP_REFERER") Is Nothing) Then Dim s2 As String = Request.ServerVariables("HTTP_REFERER").Trim() 'http接收的名称 Dim s3 As String = "" If s1.Length > s2.Length - 7 Then s3 = s2.Substring(7) Else s3 = s2.Substring(7, s1.Length) End If If s3 <> s1 Then Response.Write("你的IP已被记录！警告！") ' Response.End() End If End If End If End Sub