...

View Full Version : asp (function with problems)



blackrider
01-02-2004, 04:08 PM
I there!

I was new in ASP world and i have two doubts. I have hope you at the forum can help me on this.

1) It want to know because the following function does not work well,

function procuraCaracteresInvalidos(stringIn)
Dim arrayChars
procuraCaracteresInvalidos = True
Dim pos

Const charInvalidos = " # , $ , % , & , ' , ; , * "

arrayChars = Split(charInvalidos,",")

stringIn = Trim(stringIn)

For i=0 to UBound(arrayChars)

pos = InStr(1,stringIn,CStr(arrayChars(i)))

if pos > 0 then
procuraCaracteresInvalidos = False
Exit Function
end if
Next

end function

If variable “stringIn” will count invalid characters, the function does not detect them.
The invalide chars are: # , $ , % , & , ' , ; , *
I pretend with that function to prevent the SQL injection.


2) In VBSript exist any method equal to charAt in JavaScritp?

Example: charName = stringName.charAt(i)

oracleguy
01-02-2004, 06:41 PM
1) From what I can see that function should work, the only thing I see amiss is that you do not need to put spaces in the charInvalidos constant.

2) Yes there is: charName = Mid(stringName, i, 1)

miranda
01-02-2004, 06:58 PM
Why not use VBScript's Replace function to prevent sql injection?

dim myString
myString = Request.Form("aFormField")
myString = Replace(myString, "#", " ")
myString = Replace(myString, ";", " ")

as for myString.charAt(i)
in VBScript you would use the Mid function
dim myString, x
myString = "Hello World"
x = Mid(myString, 7, 1)

in this case x = W



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum