vbscript sinatize string
CookieExceptionList = Array("""","(",")")
Function IsExceptionList(str,varType)
If(varType="cookie") then
For Each item in CookieExceptionList
If(item=str) then
IsExceptionList=True
Exit Function
End If
Next
End If
IsExceptionList=False
End Functionvbscript sinatize string
For Each s in Request.Form
If ( CheckStringForSQL(Request.Form(s),"form") ) Then
PrepareReport("Post Varibale")
' Redirect to an error page
Response.Redirect(ErrorPage)
End If
Nextvbscript sinatize string
Dim BlackList, ErrorPage
BlackList = Array("=","#","$","%","^","&","*","|",";",_
"<",">","'","""","(",")",_
"--", "/*", "*/", "@@",_
"cursor","exec","execute",_
"nchar", "varchar", "nvarchar", "iframe"_
)
'Note: We can include following keyword to make a stronger scan but it will also
'protect users to input these words even those are valid input
' "!", "char", "alter", "begin", "cast", "create",
'Populate the error page you want to redirect to in case the check fails.
ErrorPage = "../displaymessage.asp?msg=" &
Server.URLEncode("Invalid Character Entered")
Function CheckStringForSQL(str,varType)
On Error Resume Next
Dim lstr
' If the string is empty, return false that means pass
If ( IsEmpty(str) ) Then
CheckStringForSQL = false
Exit Function
ElseIf ( StrComp(str, "") = 0 ) Then
CheckStringForSQL = false
Exit Function
End If
lstr = LCase(str)
' Check if the string contains any patterns in our black list
For Each s in BlackList
If(IsExceptionList(s,varType)=False) then
If ( InStr (lstr, s) <> 0 ) Then
CheckStringForSQL = true
Exit Function
End If
End If
Next
CheckStringForSQL = false
End Function vbscript sinatize string
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Check Upload forms data
' Description: This function will validate ASP Upload Data
' Note: Because of ASPUpload's limitation this function
' need to be called after its save function from
' the relevant ASP page
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
function IsValidUploadFormData(dataCollection,redirect)
for each item in dataCollection
If ( CheckStringForSQL(item) ) Then
PrepareReport("Upload Form")
'Redirect to an error page
if(redirect) then Response.Redirect(ErrorPage)
IsValidUploadFormData = false
Exit Function
End If
next
IsValidUploadFormData = true
end functionCopyright © 2021 Codeinu
Forgot your account's password or having trouble logging into your Account? Don't worry, we'll help you to get back your account. Enter your email address and we'll send you a recovery link to reset your password. If you are experiencing problems resetting your password contact us
