ASPX代码加固小结

1、replace替换

<%@Page Language="C#"%>

<%
string strID=Request["id"];
strID = strID.Replace("'","");//单引号过滤
//strID==Globals.HtmlEncode(strID)
Response.Write(strID);
%>

2、转换

<%@ Page Language="C#" %>

<%
string strID =Request["id"];
int strID11 = int.Parse(strID);//string 转换为int
//int strID = int.Parse(Request["id"]);
//int strID = Convert.ToInt32(Request["id"]); //将对象转换为int
//string strID = HttpUtility.HtmlEncode(Request["id"]);//Htmlencode处理

int strID = int.Parse(strID);
Response.Write(strID);


%>

  

原文地址:https://www.cnblogs.com/xiaozi/p/5816390.html