Asp form filtering
| jfancy-Transport Canada 2005-07-28, 5:59 pm |
| Hi,
I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. It's not working? Have a look:
<%
'Declare all the variables and assign them to their respective text inputs on the feedback.asp page
dim formall : request.Form("x_name") + request.Form("x_email") + request.Form("x_subject") + request.Form("x_comments")
'Use the In-String Function to detect on html open or close tags found in the input boxes. If so, Don't send e-mail
if (Instr(formall,">")) OR (Instr(formall, ";")) Then
response.redirect("test2.html") 'Just a test
end if
%>
If anyone can help, it would be good!!
jf
| |
| Aaron Bertrand [SQL Server MVP] 2005-07-28, 5:59 pm |
| Why don't you do this with client-side JavaScript, before the submit? You
can use regular expressions there and you will prevent (a) server activity
and (b) the user having to wait for the submission to be rejected by the
server.
What is wrong with semi-colon (;), btw?
| |
| Steven Burn 2005-07-28, 5:59 pm |
| Use Regular Expressions (RegEx); the following has code you can adapt to
your use.
#2344: How do I highlight words in a string?
http://aspfaq.com/show.asp?id=2344
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
| |
| Ray Costanzo [MVP] 2005-07-28, 5:59 pm |
| Have you considered allowing those characters and just Server.HtmlEncode'ing
the strings whenever you need to display them?
Ray at work
| |
| Dave Anderson 2005-07-28, 5:59 pm |
| jfancy-Transport Canada wrote:
> I'm looking for an asp page to detect if there are any characters in
> my contact form that shouldn't be there. For example, if there is a
> "<" character, then this may mean there is html in my contact form,
> which is not good. I want to build a string that has all the values
> of my textboxes in my contact form.
What's wrong with a user submitting any character that pleases him? I
suggest you familiarize yourself with Server.HTMLEncode.
http://msdn.microsoft.com/library/e...4f4ee5853a7.asp
--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
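
The approach Ray Costanzo and Dave Anderson suggest, as an added example that is not part of any post in the thread: accept the submitted characters and pass every value through Server.HTMLEncode at the point where it is written into HTML. The field names are from the original post; the FormText and HasMarkup helpers and the page layout are assumptions made for this example.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Field names come from the original post; the helper names and the page
' layout below are assumptions made for this example.

' Return a form field as a plain string ("" when the field is absent).
Function FormText(fieldName)
    FormText = Trim(Request.Form(fieldName) & "")
End Function

' True when the text contains a character that opens or closes an HTML tag.
' InStr returns a 1-based position (0 = not found), so compare explicitly.
Function HasMarkup(text)
    HasMarkup = (InStr(text, "<") > 0) Or (InStr(text, ">") > 0)
End Function

Dim sName, sEmail, sSubject, sComments, formAll, flagged
sName     = FormText("x_name")
sEmail    = FormText("x_email")
sSubject  = FormText("x_subject")
sComments = FormText("x_comments")

' Dim only declares the variable; the value is assigned in its own statement.
' & always concatenates (+ is treated as addition when an operand is numeric).
formAll = sName & sEmail & sSubject & sComments

' The flag is informational only: the submission is kept either way, because
' the encoded output below renders these characters as text, not markup.
flagged = HasMarkup(formAll)
%>
<html>
<body>
<h1>Message received</h1>
<!-- Every user-supplied value passes through Server.HTMLEncode at output -->
<p>From: <%= Server.HTMLEncode(sName) %> (<%= Server.HTMLEncode(sEmail) %>)</p>
<p>Subject: <%= Server.HTMLEncode(sSubject) %></p>
<pre><%= Server.HTMLEncode(sComments) %></pre>
<% If flagged Then %>
<p>Note: this message contained &lt; or &gt; characters; they are shown as text.</p>
<% End If %>
</body>
</html>
```

Encoding happens on the server at output time, so it still applies when a request reaches the page without running any client-side checks.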