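using CommonToolsCore;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace zhengcaioa.Model
{
    /// <summary>
    /// Action filter that passes bound string arguments, and the top-level string
    /// properties of bound model arguments, through <c>SqlFilter.SqlFilterFilter</c>
    /// before the action runs.
    /// </summary>
    /// <remarks>
    /// SECURITY NOTE: rewriting input is defence-in-depth at best. It does not replace
    /// parameterized queries in the data-access layer, which remain the primary control
    /// against SQL injection. Coverage is limited to what this filter can see:
    /// <list type="bullet">
    /// <item>only parameters listed in <c>ActionDescriptor.Parameters</c>; values an action
    /// reads directly from the request (headers, raw body, query string) are untouched;</item>
    /// <item>only properties whose declared type is exactly <c>string</c>; nested objects,
    /// collections and string arrays are not walked;</item>
    /// <item>properties marked with <see cref="IgnoreSqlInjectAttribute"/> are skipped.</item>
    /// </list>
    /// The filter replaces the bound value in place, so the action sees the rewritten text
    /// and stored data can differ from what the client submitted.
    /// </remarks>
    public class AntiSqlAttribute : Attribute, IActionFilter
    {
        /// <summary>Runs after the action method executes; intentionally does nothing.</summary>
        public void OnActionExecuted(ActionExecutedContext context)
        {
        }

        /// <summary>
        /// Runs before the action method executes and rewrites string inputs in
        /// <paramref name="filterContext"/>'s action arguments.
        /// </summary>
        /// <param name="filterContext">The executing-action context whose arguments are filtered.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var arguments = filterContext.ActionArguments;

            foreach (var p in filterContext.ActionDescriptor.Parameters)
            {
                // A parameter named "file" is never filtered.
                // NOTE(review): presumably the upload parameter; confirm that no action binds
                // a plain string under this name, because it would bypass the filter.
                if (p.Name == "file")
                {
                    continue;
                }

                // Optional or unbound parameters have no entry in ActionArguments. The
                // original indexer access threw KeyNotFoundException for a missing model
                // argument and NullReferenceException for a null one.
                if (!arguments.TryGetValue(p.Name, out var bound) || bound == null)
                {
                    continue;
                }

                if (p.ParameterType == typeof(string))
                {
                    arguments[p.Name] = SqlFilter.SqlFilterFilter(bound.ToString().Trim());
                    continue;
                }

                SanitizeStringProperties(bound);
            }
        }

        /// <summary>
        /// Rewrites every readable and writable top-level string property of
        /// <paramref name="model"/> that does not opt out via <see cref="IgnoreSqlInjectAttribute"/>.
        /// </summary>
        /// <param name="model">A non-null bound action argument.</param>
        private static void SanitizeStringProperties(object model)
        {
            // NOTE(review): IgnoreSqlInjectAttribute also allows AttributeTargets.Class, but
            // only the property-level marker is honoured here, as in the original code.
            foreach (var item in model.GetType().GetProperties())
            {
                if (item.PropertyType != typeof(string))
                {
                    continue;
                }

                // Indexers and write-only properties cannot be read with GetValue(model, null).
                if (!item.CanRead || item.GetIndexParameters().Length > 0)
                {
                    continue;
                }

                var current = item.GetValue(model, null);
                if (current == null)
                {
                    continue;
                }

                if (item.IsDefined(typeof(IgnoreSqlInjectAttribute), false))
                {
                    continue;
                }

                // Get-only properties cannot be reassigned; SetValue would throw and turn
                // the request into a server error. Their value therefore stays unfiltered.
                if (!item.CanWrite)
                {
                    continue;
                }

                item.SetValue(model, SqlFilter.SqlFilterFilter(current.ToString().Trim()), null);
            }
        }
    }

    /// <summary>
    /// Marks a property as exempt from the rewriting performed by <see cref="AntiSqlAttribute"/>:
    /// <c>[IgnoreSqlInject]</c>.
    /// </summary>
    /// <remarks>
    /// An exempt property reaches the action exactly as submitted, so any query built from
    /// it must be parameterized.
    /// </remarks>
    [AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Property, AllowMultiple = true)]
    public class IgnoreSqlInjectAttribute : Attribute
    {
    }
}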