macromedia.dreamweaver.appdev
[Top] [All Lists]

Re: Image Verification on insert record

Subject: Re: Image Verification on insert record
From: "jsteinmann"
Date: Thu, 25 Oct 2007 18:31:21 +0000 UTC
Newsgroups: macromedia.dreamweaver.appdev

 Here's another suggestion to remove unwanted hacks, attacks, etc. with an ASP 
Insert Record.

 DIm the text fields, and compare them against unwanted characters to 
automatically reroute this losers away from your website.  For exmaple:

 <%
 Dim email
 email=Request.Form("email")

 If IllegalChars(email)=True Then
 Response.redirect("go_away_you_spam_ _loser.asp")
 End If

 Function IllegalChars(sInput)
 Dim sBadChars, iCounter
 IllegalChars=False
 'Create an array of illegal characters and words like these
 sBadChars=array("select", "drop", ";", "--", "insert", "delete", "xp_", _
 "#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", 
"?", "`", "|")
 For iCounter = 0 to uBound(sBadChars)
 If Instr(sInput,sBadChars(iCounter))>0 Then
 IllegalChars=True
 End If
 Next
 End function
 %>


 With this placed above your code, it will filter your insert before it gets to 
your database.  IN this example, I showed some common hack characters that you 
want to avoid, but you can add anything to that.

 Also, you can always do a YY_checkform or similar javascript based filter that 
makes email be in the correct email format, etc....

 Hope that helps.


<Prev in Thread] Current Thread [Next in Thread>