help someone fugging my site :(

Discussion in 'ASP General' started by mark r, Aug 18, 2007.

  1. mark r

    mark r Guest

    i run a small big brother website www.neue.co.uk/bigbrother and every
    so often someone comes in and posts something to my shoutbox that
    kills the script and i get an error saying

    Microsoft VBScript runtime error '800a000d'

    Type mismatch: 'HTMLEncode'

    /bigbrother/lesley.asp, line 120

    i have a script that checks and replaces bad words and i'm wondering if
    they're trying to sql inject me or something?

    is there anything simple i can add into the 'bad words' checker that
    would stop this happening? i.e. i know that to check for a quote mark
    (") you can use something like """"""" but i don't know how many of
    them to use lol.

    my badwords checker is:

    <%
    Function ReplaceBadWords(InputComments)
        Dim badChars, newChars, sLength, sAttachtoEnd, x, i
        'create an array of bad words that should be filtered
        badChars = Array("rubbish", "crap", "shit", "****", "twat", "fucking", _
            "****", "dick", "bollocks", "wank", "wanker", "bastard", "bitch", _
            "<a href=""http://", "</a>", "<script", "</script>")
        newChars = InputComments
        'loop through our array of bad words
        For i = 0 To UBound(badChars)
            'get the length of the bad word
            sLength = Len(badChars(i))
            'we are going to keep the first letter of the bad word and replace all the other
            'letters with *, so we need to find out how many * to use
            For x = 1 To sLength - 1
                sAttachtoEnd = sAttachtoEnd & "*"
            Next
            'replace any occurrences of the bad word with the first letter of it and the
            'rest of the letters replaced with *
            newChars = Replace(newChars, badChars(i), Left(badChars(i), 1) & sAttachtoEnd)
            sAttachtoEnd = ""
        Next
        ReplaceBadWords = newChars
    End Function
    %>

    thanks guys!
     
    mark r, Aug 18, 2007
    #1
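
Added example, not part of mark r's post: instead of listing tags and quote marks in the bad-words array, the shoutbox text can be HTML-encoded when it is written out, so `<`, `>`, `&` and `"` are displayed as plain text. `SafeEncode` is a hypothetical helper name, and the sketch assumes the type mismatch comes from `Server.HTMLEncode` receiving a value that is not a string, such as Null from an empty field.

```vbscript
<%
' Added example; SafeEncode is a hypothetical helper, not from the original post.
Function SafeEncode(value)
    ' Objects have no sensible text form here, and IsNull must not be
    ' evaluated on them, so check for objects first and show nothing.
    If IsObject(value) Then
        SafeEncode = ""
        Exit Function
    End If
    ' Arrays, Null and Empty are treated as an empty string
    ' (assumed cause of the type mismatch on HTMLEncode).
    If IsArray(value) Or IsNull(value) Or IsEmpty(value) Then
        SafeEncode = ""
        Exit Function
    End If
    ' CStr turns numbers and dates into text; HTMLEncode then converts
    ' < > & and " into entities so the browser shows them as text.
    SafeEncode = Server.HTMLEncode(CStr(value))
End Function

' In VBScript a quote mark inside a string literal is written as two quotes,
' so """" is a one-character string holding ". Chr(34) is the same character.
Dim quoteMark
quoteMark = """"

' Constructed sample message with quote marks and a link tag.
Dim sample
sample = "check " & quoteMark & "this" & quoteMark & _
         " <a href=""http://example.invalid"">out</a>"

Response.Write SafeEncode(sample)  ' tags and quotes are written as entities
Response.Write SafeEncode(Null)    ' writes an empty string
%>
```

The bad-words filter can still run on the text first; encoding is applied last, at the point where the message is written into the page.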