Asp form filtering

[jfancy-Transport Canada]

Hi,

I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. Its not working? Have a look:


<%

'Declare all the variables and assign them to their respective text
inputs on the feedback.asp page

dim formall : request.Form("x_name") + request.Form("x_email") +
request.Form("x_subject") + request.Form("x_comments")


'Use the In-String Function to detect on html open or close tags found
in the input boxes. If so, Don't send e-mail

if (Instr(formall,">")) OR (Instr(formall, ";")) Then

response.redirect("test2.html") 'Just a test


end if



%>




If anyone can help, it would be good!!


jf

 

[Aaron Bertrand [SQL Server MVP]]

Why don't you do this with client-side JavaScript, before the submit? You
can use regular expressions there and you will prevent (a) server activity
and (b) the user having to wait for the submission to be rejected by the
server.

What is wrong with semi-colon (, btw?

 

[Steven Burn]

Use Regular Expressions (RegEx), the following has code you can adapt to
your use.

#2344: How do I highlight words in a string?
http://aspfaq.com/show.asp?id=2344

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Ray Costanzo [MVP]]

Have you considered allowing those characters and just Server.HtmlEncode'ing
the strings whenever you need to display them?

Ray at work