Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

textbox data validation

Status
Not open for further replies.
cuetzpalin

cuetzpalin

Programmer
Jun 5, 2002
99
US
I have a textbox that accepts alphanumeric data. However, if a user enters a "'" (single quote), it screws up my stored procedure, since you have to separate parameters by single quotes. Any ideas? Should I remove the single quote with a function if it's typed? If so, how would I do that?

Please help.

Thanks in advance,
Ed
 
Sort by date Sort by votes
Don't use JavaScript for this! You need to escape the single quote, usually by replacing it with two single quotes. Unless you do this on the server-side, your app is subject to SQL injection attacks!

Adam

There are only 10 types of people in the world: Those who understand binary, and those who don't
 
Upvote 0 Downvote
Just made it:


Code: 
<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>

<body>

</body>
<form method="POST" action="--WEBBOT-SELF--" name=a>
	<!--webbot bot="SaveResults" U-File="C:\Documents and Settings\Menios\Desktop\_private\form_results.csv" S-Format="TEXT/CSV" S-Label-Fields="TRUE" -->
	<p><input type="text" name="T1" size="20"><input type="button" value="Button" name="B1" onclick="aaa()"></p>
</form>
[b]<script language=javascript type=text/javascript >
  function aaa()
  {
    while (document.a.T1.value.indexOf("'") != -1)
    {
      var WhereItIs;
      WhereItIs = document.a.T1.value.indexOf("'");
      
      document.a.T1.value = document.a.T1.value.substring(0, WhereItIs) + document.a.T1.value.substring(WhereItIs + 1);   
    }
  }
</script>[/b]
</html>



This will remove all "'" form the textbox

-ok?
-bclt
 
Upvote 0 Downvote
Do you really want to remove all the single quotes and introduce grammatical errors into what the user typed? And what about users who browse with JavaScript turned off? What about users who intentionally turn off JavaScript to do a SQL injection attack?

I would definitely use a server-side process, NOT JavaScript, to take care of this. I'm suprised you're experiencing this problem at all if, in fact, you are using stored procedures properly.

Adam

There are only 10 types of people in the world: Those who understand binary, and those who don't
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

JPSeo
  • Locked
  • Question
--How to implement req.body.param validation
Replies
0
Views
73
JPSeo
JPSeo
chikwendu
  • Locked
  • Question
How do I display an extra input box for editing an existing data?
Replies
1
Views
113
chikwendu
chikwendu
mikemayo
  • Locked
  • Question
Javascript Data Object
Replies
0
Views
72
mikemayo
mikemayo
waubain
  • Locked
  • Question
id tag not loading new data with new ajax call 1
Replies
4
Views
132
waubain
waubain
emmals
  • Locked
  • Question
Auto Click Button and pass through all data
Replies
0
Views
78
emmals
emmals

Part and Inventory Search

Sponsor

Back
Top