Textbox and Textarea issues

[mcode12]

I have a signup form and I want to be careful with information that is entered so I'm thinking that I should take these steps.

1. retrieve the form elements and set to variables, then replace the apostrophe in variables with two single apostrophes.

2. Next check for any sql injection characters or phrases

3. use Server.HtmlEncode when inserting values into database.

How does that sound, am I missing anything?

 

[guitardave78]

Nope that pretty much covers it I use the following.

<%
function sanitise(str)
	dim t,newChars,badChars
	if str <> "" then
		newChars = replace(str, "'", "''")
	    newChars = replace(newChars ,"’","''")
        newChars = replace(newChars ,"‘","''")
		badChars = array("tbl_","OTHER PHRASE","OTHER PHRASE") 	
		for t = 0 to uBound(badChars) 
			newChars = replace(newChars, badChars(t), "") 
		next 
		sanitise = newChars 
	else
		sanitise=""
	end if
        sanitise = server.HTMLEncode(sanitise)
end function
response.write(sanitise("hello'to youa all, tbl_monkey"))
%>

}...the bane of my life!

http://www.yetanotherreviewsite.co.uk

http://www.fuzzyd.co.uk

 

[mcode12]

cheers Dave.

 

[guitardave78]

Another thing is to remove non alphanumeric characters (somtimes usful)

function killChar(str)
	dim RegularExpressionObject
	Set RegularExpressionObject = New RegExp
	With RegularExpressionObject
	.Pattern = "[^A-Za-z 0-9]*"
	.IgnoreCase = True
	.Global = True
	End With
	killChar = RegularExpressionObject.replace(str,"")
        set RegularExpressionObject  = nothing
end function

}...the bane of my life!

http://www.yetanotherreviewsite.co.uk

http://www.fuzzyd.co.uk