Login
Latest postings for ASP/ VbScript.
Daily Code Email
|
|
| | |
| | |
Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.
| If you've not used Chr() function before, open notepad, hold hown your left Alt key, and type in the 3-digit number on the numeric keypad to see what character I'm checking for!
Note this is probably not the most efficient or elegant way of programming, and I like to use variable names I can understand when I look at the file 3 years later!
Function fCheckChar( strCheck, numLenMax )
strOut = ""
numLen = Len(strCheck)
If numLenMax <> "" Then
numMax = CInt(numLenMax)
Else
numMax = 99
End If
If numLen > numMax Then
strCheck = Mid(strCheck,1,numMax)
numLen = numMax
End If
For i = 1 to numLen
strChar = Mid(strCheck,i,1)
If (strChar > Chr(031) AND strChar < Chr(127)) _
OR (strChar = Chr(010)) _
OR (strChar = Chr(013)) Then
If strChar = Chr(034) _
OR strChar = Chr(039) Then
strOut = strOut & Chr(039) & Chr(039)
Else
strOut = strOut & strChar
End If
End If
Next
fCheckChar = strOut
End Function
Usage example:
strSearch = Request.QueryString("str")
strSafeSearch = fCheckChar(strSearch,"45")
| | |
| | |
 Report Bad Submission | | | | | Your Vote! | |
See Voting Log | | | | Other User Comments |  8/5/2009 11:52:27 AM: mike
Sorry this script does not stand up to the Advanced category.
1 - The function needs better definition. Private or Public
2 - The arguments passed in should use the ByRef or ByVal definitions.
3 - You use many variables in the function without Dimensioning them.
These three things alone will have a major impact on how polite your function behaves within the whole of an application.
You are replacing double and single quotes with a pair or single quotes. What if the user already placed a pair of single quotes in the input? Now you have 4 single quotes in a row!
If you are looking to protect your queries from bad characters or "SQL injection" I'd suggest you look into stored procedures.
(If this comment was disrespectful, please report it.)
| | |
Add Your Feedback! | Note:Not only will your feedback be posted, but an email will be sent to the code's author from the email account you registered on the site, so you can correspond directly.
NOTICE: The author of this article has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular article, please click here.
|
To post feedback, first please login.
| |
|
