Here's another suggestion to remove unwanted hacks, attacks, etc. with an ASP
Insert Record.
Dim the text fields, and compare them against unwanted characters to
automatically reroute these losers away from your website. For example:
<%
Dim email
email = Request.Form("email")

' Reject the request before it reaches the insert if the input matches the list
If IllegalChars(email) = True Then
    Response.Redirect("go_away_you_spam_ _loser.asp")
End If

Function IllegalChars(sInput)
    Dim sBadChars, iCounter
    IllegalChars = False
    'Create an array of illegal characters and words like these
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", _
        "?", "`", "|")
    For iCounter = 0 To UBound(sBadChars)
        ' vbTextCompare makes the match case-insensitive, so "SELECT" is caught too
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            Exit For
        End If
    Next
End Function
%>
With this placed above your code, it will filter your insert before it gets to
your database. In this example, I showed some common hack characters that you
want to avoid, but you can add anything to that.
Also, you can always do a YY_checkform or similar JavaScript-based filter that
makes email be in the correct email format, etc.
Hope that helps.
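
An added example, not part of the original post: a character blacklist like the one above can be backed by a server-side allow-list check on the email format and a parameterized ADO insert, so the submitted value is never concatenated into the SQL text. The connection string location (`Application("ConnString")`), the `Subscribers` table and its `email` column are assumptions made for illustration.

```vbscript
<%
' Added example: connection string, table and column names are hypothetical.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const adExecuteNoRecords = 128

' Allow-list check: accept only input shaped like an email address.
Function LooksLikeEmail(sInput)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,185}\.[A-Za-z]{2,}$"
    LooksLikeEmail = re.Test(sInput)
End Function

Dim email, conn, cmd
email = Trim(Request.Form("email"))

' Validate on the server; a client-side JavaScript check can be bypassed.
If Len(email) > 254 Or Not LooksLikeEmail(email) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid email address."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' hypothetical: connection string kept in Application scope

' The ? placeholder is bound as data, so quotes, semicolons or SQL keywords
' in the value cannot change the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Subscribers (email) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 254, email)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
%>
```

Because the parameter is bound rather than spliced into the query, an address that contains an apostrophe or a word such as "select" is stored as plain text.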