Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Textbox and Textarea issues

Status
Not open for further replies.

mcode12

Programmer
Aug 8, 2007
25
GB
I have a signup form and I want to be careful with information that is entered so I'm thinking that I should take these steps.

1. retrieve the form elements and set to variables, then replace the apostrophe in variables with two single apostrophes.

2. Next check for any sql injection characters or phrases

3. use Server.HtmlEncode when inserting values into database.

How does that sound, am I missing anything?
 
Nope that pretty much covers it :D I use the following.

Code:
<%
function sanitise(str)
	dim t,newChars,badChars
	if str <> "" then
		newChars = replace(str, "'", "''")
	    newChars = replace(newChars ,"’","''")
        newChars = replace(newChars ,"‘","''")
		badChars = array("tbl_","OTHER PHRASE","OTHER PHRASE") 	
		for t = 0 to uBound(badChars) 
			newChars = replace(newChars, badChars(t), "") 
		next 
		sanitise = newChars 
	else
		sanitise=""
	end if
        sanitise = server.HTMLEncode(sanitise)
end function
response.write(sanitise("hello'to youa all, tbl_monkey"))
%>

}...the bane of my life!
 
Another thing is to remove non alphanumeric characters (somtimes usful)

Code:
function killChar(str)
	dim RegularExpressionObject
	Set RegularExpressionObject = New RegExp
	With RegularExpressionObject
	.Pattern = "[^A-Za-z 0-9]*"
	.IgnoreCase = True
	.Global = True
	End With
	killChar = RegularExpressionObject.replace(str,"")
        set RegularExpressionObject  = nothing
end function

}...the bane of my life!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top