Iceman Posted July 2, 2006

I can't find any function in ASP to do something like If Request.Form("whatever") Contains this then. I need a way to block out quotes from post forms. Does anyone know how this can be done?

justsomeguy Posted July 3, 2006

You can escape the quotes, and leave them as part of the text. You will need a function that will find/replace characters in a string. You can use this for VB:
http://devguru.com/technologies/vbscript/13958.asp
Or this for JavaScript:
http://devguru.com/technologies/javascript/10812.asp
You can replace a single quote with either \' or two quotes '', depending on the database. I think with SQL Server you can use two quotes.

haibec Posted July 3, 2006

> I can't find any function in ASP to do something like If Request.Form("whatever") Contains this then. I need a way to block out quotes from post forms. Does anyone know how this can be done?

Please see here:

<%
' Strip special characters, truncate to num characters when num > 0,
' then double single quotes for use inside a SQL string literal.
Function getString(str, num)
    Dim tmp
    tmp = str
    tmp = Replace(tmp, "%", "")
    tmp = Replace(tmp, "-", "")
    tmp = Replace(tmp, ",", "")
    tmp = Replace(tmp, "(", "")
    tmp = Replace(tmp, ")", "")
    tmp = Replace(tmp, "{", "")
    tmp = Replace(tmp, "}", "")
    tmp = Replace(tmp, ">", "")
    tmp = Replace(tmp, "<", "")
    tmp = Replace(tmp, """", "")
    tmp = Replace(tmp, "!", "")
    tmp = Replace(tmp, "+", "")
    tmp = Replace(tmp, ":", "")
    tmp = Replace(tmp, ";", "")
    tmp = Replace(tmp, "=", "")
    tmp = Replace(tmp, "&", "")
    tmp = Replace(tmp, "--", "")   ' no effect: every "-" was already removed above
    If Len(tmp) > num And num > 0 Then
        tmp = Left(tmp, num)
    End If
    ' Double the quotes last, so that truncation cannot cut a '' pair in half
    tmp = Replace(tmp, "'", "''")
    getString = tmp
End Function

' Return str as an integer, or 0 when it is empty or not numeric.
' CInt accepts -32768 to 32767; values outside that range raise an overflow error.
Function getNumber(str)
    If str <> "" And IsNumeric(str) Then
        getNumber = CInt(str)
    Else
        getNumber = 0
    End If
End Function

' Remove the listed SQL keywords and ";" from str.
Function Killchar(str)
    Dim Badchar
    Dim Newchar
    Dim i
    Badchar = Array("select", "Drop", ";", "insert", "delete", "xp_")
    Newchar = str
    For i = 0 To UBound(Badchar)
        ' vbTextCompare makes the match case-insensitive (SELECT, Select, ...)
        Newchar = Replace(Newchar, Badchar(i), "", 1, -1, vbTextCompare)
    Next
    Killchar = Newchar
End Function
%>

Iceman Posted July 3, 2006

Thanks for your help, it's solved the problem and has helped me a great deal, can't thank you enough guys, cheers
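
An added example, not part of any post in this thread: the same form-to-database step done with a parameterized ADODB.Command, where the form values are passed to the database as data, so quotes need neither escaping nor stripping. The connection string in Application("ConnString"), the Comments table with its Author and Body columns, and the form field names are assumptions.

```vbscript
<%
Option Explicit

' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128

Dim conn, cmd, authorName, commentText

' Hypothetical form fields; lengths match the assumed column sizes
authorName = Left(Trim(Request.Form("author")), 50)
commentText = Left(Trim(Request.Form("comment")), 1000)

If Len(authorName) = 0 Or Len(commentText) = 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Both fields are required."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumption: connection string stored at application start

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholders are bound in order; no user text is concatenated into the SQL
cmd.CommandText = "INSERT INTO Comments (Author, Body) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("@author", adVarWChar, adParamInput, 50, authorName)
cmd.Parameters.Append cmd.CreateParameter("@body", adVarWChar, adParamInput, 1000, commentText)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing

' Encode on output so stored quotes and angle brackets display as text
Response.Write "Saved comment from " & Server.HTMLEncode(authorName)
%>
```

A name such as O'Brien-Smith is stored unchanged this way, whereas character stripping would alter it.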