Hi, 'hope everyone is doing alright

A few weeks ago, I posted a thread about logins and password related to security. Raf helped me with forbidden chars to avoid a sql injection attack:


if InStr("=", login) = True or Instr("*", login) = True or Instr("'",login) = True or Instr("%",login) = True or Instr("_",login) = True then
error = error & "<br />sql injection attack
end if


Now, for different reasons, I'd like to apply that to all my fields, not only the login and password ones. So I could duplicate this code for every field, but I thought that making one function with the chars I want to avoid would be easier. And then I would test my string with this function.

I've been trying a few pathetic things that I won't even show here :o

So then I thought that maybe someone would feel like helping me writing my first function. I don't know if I have to use RegExp to do this or not. I also know that whammy has a "SQLSafe" function but... well... it's a good occasion for me to learn something right here. So if anyone has a few minutes (seconds) to loose, don't hesitate! :thumbsup:

Instr function does not return a boolean. It returns the index position of the matched string in the source string. It returns 0 if no matched if found.

Function HasForbiddenChars(ByVal str)
if InStr("=", str) > 0 or Instr("*", str) > 0 or Instr("'",str) > 0 or Instr("%",str) > 0 or Instr("_",str) > 0 then
HasForbiddenChars = true
exit function
end if
HasForbiddenChars = false
End Function

login = "blahblah"
password = "blah%blah"
if HasForbiddenChars(login) then
response.write "Login has invalid character(s)."
response.end
end if
if HasForbiddenChars(password) then
response.write "Password has invalid character(s)."
response.end
end if

yeah glenngv.... thanx :thumbsup:

That could indeed also be done with a simple RegEx pattern, but you should try to do that yourself.

;)

Originally posted by M@rco
That could indeed also be done with a simple RegEx pattern, but you should try to do that yourself.

;)

I wish I could... But I defintly have NO IDEA of how do that.. If you have any cool links where I could learn that (I just know where to find already-done RegEx). I started to learn ASP in july so all that is quite new for me since I'm basically rather in the world of french litterature...:) But it's so entertaining that I'm very eager to learn as much as I can.

Originally posted by bouchel
I wish I could... But I defintly have NO IDEA of how do that.. If you have any cool links where I could learn that (I just know where to find already-done RegEx). I started to learn ASP in july so all that is quite new for me since I'm basically rather in the world of french litterature...:) But it's so entertaining that I'm very eager to learn as much as I can. I must say that I'm rather surprised that in 3 or 4 months of learning ASP you have only just got around to writing a VBScript function. What tutorial/book/reference material are you using?

Anyway, I suggest that you carry on learning the basic language constructs for the moment, and leave more advanced topics like regular expressions until you are more familiar with the basics.

Originally posted by M@rco
I must say that I'm rather surprised that in 3 or 4 months of learning ASP you have only just got around to writing a VBScript function.


:o well, my studies take me a lot of time so... I only feel like I really began last week to go deeper into the ASP world (right after I finished my exams). So you're quite right about the fact that I have to take it all from the biginning since when I started this summer I wasn't very precise about the therms of what I was using. Well... if you're looking for me you'll find me there:

http://www.w3schools.com/asp/default.asp :)

see you soon

Ah, that explains things! All the best with your studies! ;)