Asp form filtering

Discussion in 'ASP General' started by jfancy-Transport Canada, Jul 28, 2005.

  1. Hi,

    I'm looking for an asp page to detect if there are any characters in my
    contact form that shouldn't be there. For example, if there is a "<"
    character, then this may mean there is html in my contact form, which
    is not good. I want to build a string that has all the values of my
    textboxes in my contact form. Its not working? Have a look:


    <%

    'Declare all the variables and assign them to their respective text
    inputs on the feedback.asp page

    dim formall : request.Form("x_name") + request.Form("x_email") +
    request.Form("x_subject") + request.Form("x_comments")


    'Use the In-String Function to detect on html open or close tags found
    in the input boxes. If so, Don't send e-mail

    if (Instr(formall,">")) OR (Instr(formall, ";")) Then

    response.redirect("test2.html") 'Just a test


    end if



    %>




    If anyone can help, it would be good!!


    jf
     
    jfancy-Transport Canada, Jul 28, 2005
    #1
    1. Advertising

  2. Why don't you do this with client-side JavaScript, before the submit? You
    can use regular expressions there and you will prevent (a) server activity
    and (b) the user having to wait for the submission to be rejected by the
    server.

    What is wrong with semi-colon (;), btw?


    "jfancy-Transport Canada" <> wrote in message
    news:...
    > Hi,
    >
    > I'm looking for an asp page to detect if there are any characters in my
    > contact form that shouldn't be there. For example, if there is a "<"
    > character, then this may mean there is html in my contact form, which
    > is not good. I want to build a string that has all the values of my
    > textboxes in my contact form. Its not working? Have a look:
    >
    >
    > <%
    >
    > 'Declare all the variables and assign them to their respective text
    > inputs on the feedback.asp page
    >
    > dim formall : request.Form("x_name") + request.Form("x_email") +
    > request.Form("x_subject") + request.Form("x_comments")
    >
    >
    > 'Use the In-String Function to detect on html open or close tags found
    > in the input boxes. If so, Don't send e-mail
    >
    > if (Instr(formall,">")) OR (Instr(formall, ";")) Then
    >
    > response.redirect("test2.html") 'Just a test
    >
    >
    > end if
    >
    >
    >
    > %>
    >
    >
    >
    >
    > If anyone can help, it would be good!!
    >
    >
    > jf
    >
     
    Aaron Bertrand [SQL Server MVP], Jul 28, 2005
    #2
    1. Advertising

  3. jfancy-Transport Canada

    Steven Burn Guest

    Use Regular Expressions (RegEx), the following has code you can adapt to
    your use.

    #2344: How do I highlight words in a string?
    http://aspfaq.com/show.asp?id=2344

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    "jfancy-Transport Canada" <> wrote in message
    news:...
    > Hi,
    >
    > I'm looking for an asp page to detect if there are any characters in my
    > contact form that shouldn't be there. For example, if there is a "<"
    > character, then this may mean there is html in my contact form, which
    > is not good. I want to build a string that has all the values of my
    > textboxes in my contact form. Its not working? Have a look:
    >
    >
    > <%
    >
    > 'Declare all the variables and assign them to their respective text
    > inputs on the feedback.asp page
    >
    > dim formall : request.Form("x_name") + request.Form("x_email") +
    > request.Form("x_subject") + request.Form("x_comments")
    >
    >
    > 'Use the In-String Function to detect on html open or close tags found
    > in the input boxes. If so, Don't send e-mail
    >
    > if (Instr(formall,">")) OR (Instr(formall, ";")) Then
    >
    > response.redirect("test2.html") 'Just a test
    >
    >
    > end if
    >
    >
    >
    > %>
    >
    >
    >
    >
    > If anyone can help, it would be good!!
    >
    >
    > jf
    >
     
    Steven Burn, Jul 28, 2005
    #3
  4. Have you considered allowing those characters and just Server.HtmlEncode'ing
    the strings whenever you need to display them?

    Ray at work

    "jfancy-Transport Canada" <> wrote in message
    news:...
    > Hi,
    >
    > I'm looking for an asp page to detect if there are any characters in my
    > contact form that shouldn't be there. For example, if there is a "<"
    > character, then this may mean there is html in my contact form, which
    > is not good. I want to build a string that has all the values of my
    > textboxes in my contact form. Its not working? Have a look:
    >
    >
    > <%
    >
    > 'Declare all the variables and assign them to their respective text
    > inputs on the feedback.asp page
    >
    > dim formall : request.Form("x_name") + request.Form("x_email") +
    > request.Form("x_subject") + request.Form("x_comments")
    >
    >
    > 'Use the In-String Function to detect on html open or close tags found
    > in the input boxes. If so, Don't send e-mail
    >
    > if (Instr(formall,">")) OR (Instr(formall, ";")) Then
    >
    > response.redirect("test2.html") 'Just a test
    >
    >
    > end if
    >
    >
    >
    > %>
    >
    >
    >
    >
    > If anyone can help, it would be good!!
    >
    >
    > jf
    >
     
    Ray Costanzo [MVP], Jul 28, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jon Sequeira
    Replies:
    3
    Views:
    4,221
    gerry
    Jun 26, 2003
  2. Li Zhang
    Replies:
    4
    Views:
    6,141
    softip
    Feb 27, 2009
  3. JeffDotNet

    Filtering the Asp:FileUpload control

    JeffDotNet, Mar 23, 2006, in forum: ASP .Net Web Controls
    Replies:
    1
    Views:
    138
    Jeffrey Tan[MSFT]
    Mar 24, 2006
  4. TomT
    Replies:
    2
    Views:
    129
  5. Aionius

    Filtering form data.

    Aionius, Aug 20, 2004, in forum: Javascript
    Replies:
    3
    Views:
    92
    Thomas 'PointedEars' Lahn
    Aug 21, 2004
Loading...

Share This Page