  1. #1
    Regular Coder
    Join Date
    Aug 2003
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    writing my first function

    Hi, 'hope everyone is doing alright

    A few weeks ago, I posted a thread about logins and password related to security. Raf helped me with forbidden chars to avoid a sql injection attack:

    Code:
    if InStr(login, "=") = True or Instr(login, "*") = True or Instr(login, "'") = True or Instr(login, "%") = True or Instr(login, "_") = True then
    error = error & "<br />sql injection attack"
    end if
    Now, for different reasons, I'd like to apply that to all my fields, not only the login and password ones. So I could duplicate this code for every field, but I thought that making one function with the chars I want to avoid would be easier. And then I would test my string with this function.

    I've been trying a few pathetic things that I won't even show here

    So then I thought that maybe someone would feel like helping me write my first function. I don't know if I have to use RegExp to do this or not. I also know that whammy has a "SQLSafe" function but... well... it's a good occasion for me to learn something right here. So if anyone has a few minutes (seconds) to lose, don't hesitate!

  • #2
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,074
    Thanks
    0
    Thanked 256 Times in 252 Posts
    The InStr function does not return a boolean. It returns the index position of the matched string in the source string. It returns 0 if no match is found.
    Code:
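    ' Returns true if str contains any of the characters = * ' % _
    Function HasForbiddenChars(ByVal str)
      ' InStr(string, substring): the string being searched comes first
      if InStr(str, "=") > 0 or InStr(str, "*") > 0 or InStr(str, "'") > 0 or InStr(str, "%") > 0 or InStr(str, "_") > 0 then
        HasForbiddenChars = true
        exit function
      end if
      HasForbiddenChars = false
    End Function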
    
    login = "blahblah"
    password = "blah%blah"
    if HasForbiddenChars(login) then
      response.write "Login has invalid character(s)."
      response.end
    end if
    if HasForbiddenChars(password) then
      response.write "Password has invalid character(s)."
      response.end
    end if
    Last edited by glenngv; 10-14-2003 at 12:10 PM.
    Glenn

  • #3
    Regular Coder
    Join Date
    Aug 2003
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    yeah glenngv.... thanx

  • #4
    Regular Coder
    Join Date
    Oct 2003
    Location
    London, UK
    Posts
    411
    Thanks
    0
    Thanked 1 Time in 1 Post
    That could indeed also be done with a simple RegEx pattern, but you should try to do that yourself.

    Marcus Tucker / www / blog
    Web Analyst Programmer / Voted SPF "ASP Guru"
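
The RegExp form mentioned in post #4, as an added example that is not code from any poster in this thread: the five characters from post #2 become one character class, and a loop applies the check to every field. The `ValidateFields` helper, the field names and the sample values are assumptions made for illustration, and the snippet assumes it runs inside a classic ASP page.

```vbscript
' Added example: RegExp version of the forbidden-character check.
' The block-list is the five characters named in the thread: = * ' % _
Function HasForbiddenChars(ByVal str)
  Dim re
  Set re = New RegExp
  re.Pattern = "[=*'%_]"            ' character class: any one of the five
  HasForbiddenChars = re.Test(str)  ' True if at least one match, else False
End Function

' Hypothetical helper: checks every value in a Dictionary and returns
' one error line per rejected field (empty string if all fields pass).
Function ValidateFields(ByVal fields)
  Dim fieldName, errors
  errors = ""
  For Each fieldName In fields.Keys
    If HasForbiddenChars(fields(fieldName)) Then
      errors = errors & "<br />" & fieldName & " has invalid character(s)."
    End If
  Next
  ValidateFields = errors
End Function

' Constructed sample input; in a real page the values would come from Request.Form.
Dim fields, errors
Set fields = CreateObject("Scripting.Dictionary")
fields.Add "login", "blahblah"
fields.Add "password", "blah%blah"   ' rejected: contains %
fields.Add "lastname", "O'Brien"     ' legitimate name, rejected because of '

errors = ValidateFields(fields)
If errors <> "" Then
  Response.Write errors
  Response.End
End If
```

With the sample values, `password` and `lastname` are reported and `login` passes; the `lastname` row shows that a character block-list applied to every field also turns away ordinary input.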

  • #5
    Regular Coder
    Join Date
    Aug 2003
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Originally posted by M@rco
    That could indeed also be done with a simple RegEx pattern, but you should try to do that yourself.

    I wish I could... But I definitely have NO IDEA how to do that.. If you have any cool links where I could learn that (I just know where to find already-done RegEx). I started to learn ASP in July so all that is quite new for me since I'm basically rather in the world of French literature... But it's so entertaining that I'm very eager to learn as much as I can.

  • #6
    Regular Coder
    Join Date
    Oct 2003
    Location
    London, UK
    Posts
    411
    Thanks
    0
    Thanked 1 Time in 1 Post
    Originally posted by bouchel
    I wish I could... But I definitely have NO IDEA how to do that.. If you have any cool links where I could learn that (I just know where to find already-done RegEx). I started to learn ASP in July so all that is quite new for me since I'm basically rather in the world of French literature... But it's so entertaining that I'm very eager to learn as much as I can.
    I must say that I'm rather surprised that in 3 or 4 months of learning ASP you have only just got around to writing a VBScript function. What tutorial/book/reference material are you using?

    Anyway, I suggest that you carry on learning the basic language constructs for the moment, and leave more advanced topics like regular expressions until you are more familiar with the basics.
    Marcus Tucker / www / blog
    Web Analyst Programmer / Voted SPF "ASP Guru"

  • #7
    Regular Coder
    Join Date
    Aug 2003
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Originally posted by M@rco
    I must say that I'm rather surprised that in 3 or 4 months of learning ASP you have only just got around to writing a VBScript function.
    well, my studies take me a lot of time so... I only feel like I really began last week to go deeper into the ASP world (right after I finished my exams). So you're quite right about the fact that I have to take it all from the beginning since when I started this summer I wasn't very precise about the terms of what I was using. Well... if you're looking for me you'll find me there:

    http://www.w3schools.com/asp/default.asp

    see you soon

  • #8
    Regular Coder
    Join Date
    Oct 2003
    Location
    London, UK
    Posts
    411
    Thanks
    0
    Thanked 1 Time in 1 Post
    Ah, that explains things! All the best with your studies!
    Marcus Tucker / www / blog
    Web Analyst Programmer / Voted SPF "ASP Guru"

