help someone fugging my site :(

mark r

i run a small big brother website www.neue.co.uk/bigbrother and every
so often someone comes in and posts something to my shoutbox that
kills the script and i get an error saying

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'HTMLEncode'

/bigbrother/lesley.asp, line 120

i have a script that checks and replaces bad words and i'm wondering if
they're trying to sql inject me or something?

is there anything simple i can add into the 'bad words' checker that
would stop this happening? i.e. i know that to check for a quote mark
(") you can use something like """"""" but i don't know how many of
them to use lol.

my badwords checker is:

<%
Function ReplaceBadWords(InputComments)
    Dim badChars, newChars, sLength, sAttachtoEnd, x, i
    'create an array of bad words that should be filtered
    '(a quote mark inside a VBScript string literal is written as "")
    badChars = Array("rubbish", "crap", "shit", "****", "twat", "fucking", _
        "****", "dick", "bollocks", "wank", "wanker", "bastard", "bitch", _
        "<a href=""http://", "</a>", "<script", "</script>")
    newChars = InputComments
    'loop through our array of bad words
    For i = 0 To UBound(badChars)
        'get the length of the bad word
        sLength = Len(badChars(i))
        'we are going to keep the first letter of the bad word and replace all the other
        'letters with *, so we need to find out how many * to use
        For x = 1 To sLength - 1
            sAttachtoEnd = sAttachtoEnd & "*"
        Next
        'replace any occurrences of the bad word with the first letter of it and the
        'rest of the letters replaced with *
        newChars = Replace(newChars, badChars(i), Left(badChars(i), 1) & sAttachtoEnd)
        sAttachtoEnd = ""
    Next
    ReplaceBadWords = newChars
End Function
%>

thanks guys!
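
An added example, not part of the original post: a word list like the one above only matches the exact spellings it contains (`Replace` is case-sensitive by default) and leaves `<`, `>`, `&` and `"` in the message, so the usual defence for a shoutbox is to normalise the value and HTML-encode it when it is written to the page. This sketch assumes classic ASP; `SafeShout`, `MaskWords`, `MAX_SHOUT_LEN` and the sample input are hypothetical and constructed for illustration.

```vbscript
<%
' Added example (not the poster's code). SafeShout, MaskWords and
' MAX_SHOUT_LEN are hypothetical names chosen for illustration.
Const MAX_SHOUT_LEN = 200

' Mask each listed word, keeping its first letter. vbTextCompare makes
' the match case-insensitive, so "RUBBISH" and "Rubbish" are masked too.
Function MaskWords(text, words)
    Dim i, w
    MaskWords = text
    For i = 0 To UBound(words)
        w = words(i)
        MaskWords = Replace(MaskWords, w, _
            Left(w, 1) & String(Len(w) - 1, "*"), 1, -1, vbTextCompare)
    Next
End Function

' Turn whatever arrived (form field or database column) into text that
' is safe to write into the page.
Function SafeShout(raw)
    Dim s
    ' Null or Empty (a missing field, a NULL column) becomes an empty
    ' string before any string function is applied to it.
    If IsNull(raw) Or IsEmpty(raw) Then
        s = ""
    Else
        s = CStr(raw)
    End If
    ' Bound the length so one post cannot flood the page.
    s = Left(Trim(s), MAX_SHOUT_LEN)
    s = MaskWords(s, Array("rubbish", "bollocks"))
    ' Encode last: <, >, & and " become entities, so any markup in the
    ' message is displayed as text instead of being interpreted.
    SafeShout = Server.HTMLEncode(s)
End Function

' Constructed sample input: mixed-case markup plus an upper-case list word.
Response.Write SafeShout("<SCRIPT>x</SCRIPT> RUBBISH")
%>
```

Encoding at output makes the markup entries in the word list unnecessary; it does not address SQL injection, which is handled separately by passing the message to the database as a query parameter.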
 
