javascript remove bad characters for MySQL db hit [Archive] - CodingForums.com

View Full Version : javascript remove bad characters for MySQL db hit

crmpicco

02-24-2006, 09:32 AM

function fix_chars(id,val)
{
if ((typeof(val)=="undefined")||(typeof(id)=="undefined")){
return;
}
if(/'/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/'/g,'');
}
if(/&/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/&/g,'');
}
if(/_/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/_/g,'');
}
if(/,/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/,/g,'');
}
if(/%/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/%/g,'');
}
if(/`/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/`/g,'');
}
if(/"/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/"/g,'');
}
if(/@/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/@/g,'');
}
if(/~/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/~/g,'');
}
if(/#/.test(val))
{
document.forms["fexp"].elements[id].value = val.replace(/#/g,'');
}
}

<input type="text" name="depapt" id="depapt" onKeyUp="fix_chars('depapt',this.value);" />

Is there anyway to cut this function 'fix_chars' down? Am i missing something?
My object is basically to remove any bad characters to stop it crashing my MySQL Database.

Picco
:thumbsup:

glenngv

02-24-2006, 11:45 AM

You should remove the bad characters on the server-side as you can easily bypass that function or disable javascript. Doing it in the client-side is not safe.

crmpicco

02-26-2006, 02:33 PM

Thanks glenngv,

I was planning on having both...

http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=5868665800&rd=1&sspagename=STRK%3AMESE%3AIT&rd=1

vBulletin® v3.8.2, Copyright ©2000-2012, Jelsoft Enterprises Ltd.