Hi
I run a small business on my own, everything from deliveries to coding
the webshop. This limits the time I can spend on coding, so I hope I'm
not asking to stupid questions.
At present I'm (re)writing "data sanitation" to stop dangerous user
input (from the order form, other input has already been taken care of)
I want some caracters to be removed or changed, like ' which could be
found in some names (Mac'Donald)
So I've started out like this:
--------
dim i,koll,test
For i = 1 to Request.Form.Co unt
replace(Request .Form(i), "'", "")
if len(Request.For m(i)) > 45 and Request.Form(i) <>
Request.Form("m essage") or len(Request.For m("message")) > 245 then
session("var") = "order.asp" 'to know where in terrlog.asp
Server.Execute( "terrlog.as p") 'logs the incident
response.redire ct ("terror.htm")' custom error message
end if
Koll = Request.Form(i) &koll'concatena te to later check for unwanted
caracters and if found show terror.htm like above
next
--------
I've tested to use Request.Form.it em(i) and in case Request.Form cannot
be changed to put it in a variable
test = Request.Form.it em(i)
I've also tested to replace with an x not just with nothing
-------
Invariably this gives the 0x800A0414 error
Microsoft VBScript compilation (0x800A0414)
Cannot use parentheses when calling a Sub
at the replace. Without the replace it works fine.
I don't really see that asfaq 2115 applies here but I've tested to use
Call replace(Request .Form(i), "'", "")
No error - but also no action, the ' is not replaced.
If I get this working a few more caracters and/or words are to be
changed
Any help appreciated.
Mats
PS I posted this before but something went wrong so it did not appear.
In case this appears as a second posting I apologize
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
I run a small business on my own, everything from deliveries to coding
the webshop. This limits the time I can spend on coding, so I hope I'm
not asking to stupid questions.
At present I'm (re)writing "data sanitation" to stop dangerous user
input (from the order form, other input has already been taken care of)
I want some caracters to be removed or changed, like ' which could be
found in some names (Mac'Donald)
So I've started out like this:
--------
dim i,koll,test
For i = 1 to Request.Form.Co unt
replace(Request .Form(i), "'", "")
if len(Request.For m(i)) > 45 and Request.Form(i) <>
Request.Form("m essage") or len(Request.For m("message")) > 245 then
session("var") = "order.asp" 'to know where in terrlog.asp
Server.Execute( "terrlog.as p") 'logs the incident
response.redire ct ("terror.htm")' custom error message
end if
Koll = Request.Form(i) &koll'concatena te to later check for unwanted
caracters and if found show terror.htm like above
next
--------
I've tested to use Request.Form.it em(i) and in case Request.Form cannot
be changed to put it in a variable
test = Request.Form.it em(i)
I've also tested to replace with an x not just with nothing
-------
Invariably this gives the 0x800A0414 error
Microsoft VBScript compilation (0x800A0414)
Cannot use parentheses when calling a Sub
at the replace. Without the replace it works fine.
I don't really see that asfaq 2115 applies here but I've tested to use
Call replace(Request .Form(i), "'", "")
No error - but also no action, the ' is not replaced.
If I get this working a few more caracters and/or words are to be
changed
Any help appreciated.
Mats
PS I posted this before but something went wrong so it did not appear.
In case this appears as a second posting I apologize
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Comment