View Full Version : Prevent URLs from being entered into form fields?
TeamKaeru
09-05-2006, 08:48 PM
Hi, I'm already doing validation of form fields for an .asp form - was wondering if anyone out there had any quickie code that they like to use in order to prevent a web user from entering a URL string / web link into a form field.
Was looking at something along the lines of this Javascript, but I'm not sure that would be sufficient.
<Script language = "Javascript">
function isIllegalChars(){
var s = document.forms['contactform'].elements['message'].value;
if (( s.search("URL") >= 0) || ( s.search("http") >= 0)) {
alert ("stop putting URLs in the form fields!");
return false;
}
return true;
}
</Script>
Sayonara
09-05-2006, 08:53 PM
I would not use javascript - if someone wants to get around your code, they can just turn JS off.
Have the script that handles the form submission remove invalid content.
TeamKaeru
09-05-2006, 08:55 PM
Yep, I'm lookin' for some code that people might already be using, the javascript provided in example was just an idea of what I was looking for.
graficus
09-05-2006, 09:58 PM
Maybe you can use this as a starting point:
function CleanChars(strWords)
dim badChars,i
dim newChars
newchars=strwords
if len(Strwords)<15 then
cleanChars = newChars
exit function
end if
badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_","union","char","@@")
newChars = strWords
for i = 0 to uBound(badChars)
if instr(1,newchars,badchars(i),1)>0 then
newchars=""
cleanchars=newchars
exit function
end if
next
newchars=replace(newchars,"'","''")
cleanChars = newChars
end function%>
This code makes sure no "bad stuff" is entered into textfields and passed to a database. Or are you just concerned there are no "http://"s in there?
degsy
09-06-2006, 03:43 PM
You can do a simple InStr check
If InStr(str,"http") Then
Response.Write "Error: URL found"
Else
Response.Write "OK"
End If
Or you could use a regular expression
Function isURL(str)
isValid = True
set regEx = New RegExp
regEx.IgnoreCase = False
regEx.Pattern = "(\bhttp://[^ ]+\b)"
isValid = regEx.Test(str)
isURL = isValid
End Function
str = "Joe http://bloggs.com Bloggs"
Response.Write str & "<br>"
If isURL(str) Then
Response.Write "Error: URL found"
Else
Response.Write "OK"
End If
vBulletin® v3.8.2, Copyright ©2000-2012, Jelsoft Enterprises Ltd.