Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Banned
    Join Date
    Jan 2004
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question asp (function with problems)

    I there!

    I was new in ASP world and i have two doubts. I have hope you at the forum can help me on this.

    1) It want to know because the following function does not work well,

    function procuraCaracteresInvalidos(stringIn)
    Dim arrayChars
    procuraCaracteresInvalidos = True
    Dim pos

    Const charInvalidos = " # , $ , % , & , ' , ; , * "

    arrayChars = Split(charInvalidos,",")

    stringIn = Trim(stringIn)

    For i=0 to UBound(arrayChars)

    pos = InStr(1,stringIn,CStr(arrayChars(i)))

    if pos > 0 then
    procuraCaracteresInvalidos = False
    Exit Function
    end if
    Next

    end function

    If variable “stringIn” will count invalid characters, the function does not detect them.
    The invalide chars are: # , $ , % , & , ' , ; , *
    I pretend with that function to prevent the SQL injection.


    2) In VBSript exist any method equal to charAt in JavaScritp?

    Example: charName = stringName.charAt(i)

  • #2
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    1) From what I can see that function should work, the only thing I see amiss is that you do not need to put spaces in the charInvalidos constant.

    2) Yes there is: charName = Mid(stringName, i, 1)
    OracleGuy

  • #3
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,072
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Why not use VBScript's Replace function to prevent sql injection?

    dim myString
    myString = Request.Form("aFormField")
    myString = Replace(myString, "#", " ")
    myString = Replace(myString, ";", " ")

    as for myString.charAt(i)
    in VBScript you would use the Mid function
    dim myString, x
    myString = "Hello World"
    x = Mid(myString, 7, 1)

    in this case x = W


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •