hzarabet
Posts: 1549 From: New Milford CT USA Status: offline
Cleaning a blacklisted character from a variable - 10/27/2009 9:03:33
Hi All:

It has been a long time since I have been here and hope all are well!

I have a function that blocks blacklisted characters when a Request passes through it. It will redirect the page if it catches one. But in 1 case the page must always completely process (payment processing page) so I want to cleanse the variable (in this case it is not malicious) before it hits the function so it doesn't trigger the redirect.

Using

    Replace(Request.Form("Problem_Variable"),"VARCHAR","")

gives me the following error:

    Cannot use parentheses when calling a Sub

How do I alter the Request.Form so the altered Request is read by my function?

Thanks,
Howard
hzarabet
Posts: 1549 From: New Milford CT USA Status: offline
RE: Cleaning a blacklisted character from a variable - 10/27/2009 12:00:10
I thought of doing as you said, but that would not stop the function from reading the original REPLACE.FORM.
_____________________________
http://www.SigningsHotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
ou812
Posts: 1705 Joined: 1/5/2002 From: San Diego Status: offline
RE: Cleaning a blacklisted character from a variable - 10/27/2009 12:46:19
I don't believe you can use a request.form function inside of the replace function. I would do as Bobby suggested:

<EDIT>And yes you can use a request.form inside! I was thinking from the error message that you couldn't</EDIT>

    temp=request.form("problem_variable")
    x = Replace(temp,"VARCHAR","")

Then check the variable x for whatever you're doing.
< Message edited by ou812 -- 10/27/2009 13:26:11 >
_____________________________
-brian Black Holes suck. EnterpriseDB: Enterprise-class relational database management system PostgreSQL: The world's most advanced open source database
hzarabet
Posts: 1549 From: New Milford CT USA Status: offline
RE: Cleaning a blacklisted character from a variable - 10/27/2009 13:06:51
OK, but where I am losing this is in the function itself. I can set the variable to "X" and then use REPLACE on that as you suggest, but the function is still going to process the original Request.Form("problem_variable"). I do not want the function to disregard these characters all the time, just in certain instances, which is why I want to clean out the request before it hits the function.
ou812
Posts: 1705 Joined: 1/5/2002 From: San Diego Status: offline
RE: Cleaning a blacklisted character from a variable - 10/27/2009 13:16:53
Have you tried setting your function equal to something?

    test = Replace(Request.Form("Problem_Variable"),"VARCHAR","")

I tried your code real quick and get the same error. But when I set it equal to something it works fine.

And, I'm still not quite certain what you're trying to do logically. Maybe post some of the surrounding code too?
hzarabet
Posts: 1549 From: New Milford CT USA Status: offline
RE: Cleaning a blacklisted character from a variable - 10/28/2009 15:39:51
OK, you have a blacklist array with a bunch of malicious words/characters. Then the function:

    Function CheckStringForSQL(str)
        On Error Resume Next
        ' s is declared locally so the loop below does not overwrite
        ' the caller's loop variable of the same name
        Dim lstr, s

        ' If the string is empty, return false
        If ( IsEmpty(str) ) Then
            CheckStringForSQL = false
            Exit Function
        ElseIf ( StrComp(str, "") = 0 ) Then
            CheckStringForSQL = false
            Exit Function
        End If

        lstr = LCase(str)

        ' Check if the string contains any patterns in our
        ' black list
        For Each s in BlackList
            If ( InStr (lstr, s) <> 0 ) Then
                CheckStringForSQL = true
                Exit Function
            End If
        Next

        CheckStringForSQL = false
    End Function

________________________________________________

Then you have the part where you run through the REQUEST.FORM:

    For Each s in Request.Form
        If ( CheckStringForSQL(Request.Form(s)) ) Then
            iRequest = Request.Form(s)
            Response.Redirect(ErrorPage)
        End If
    Next

If I do as you say and set up a new variable, this will not prevent the above script from still reading the culprit REQUEST.FORM, or will it?
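
The last question turns on the fact that Request.Form is read-only in classic ASP, so the check can only see a cleaned value if the loop runs over a copy of the form. An added example (not code from the thread) that keeps the thread's names CheckStringForSQL, BlackList and ErrorPage; the blacklist entries, the error path and the CopyForm/cleanForm names are constructed for illustration:

```vbscript
<%
' Added example, not from the thread. BlackList entries and ErrorPage are constructed.
Dim BlackList, ErrorPage, cleanForm, fld
BlackList = Array("varchar", "--", ";", "xp_")
ErrorPage = "/error.asp"   ' hypothetical path

' The thread's check, condensed: True when str contains a blacklisted pattern.
Function CheckStringForSQL(str)
    Dim lstr, s
    CheckStringForSQL = False
    lstr = LCase(str & "")
    If Len(lstr) = 0 Then Exit Function
    For Each s In BlackList
        If InStr(lstr, s) <> 0 Then
            CheckStringForSQL = True
            Exit Function
        End If
    Next
End Function

' Request.Form is read-only, so copy it into a Dictionary of plain strings.
Function CopyForm()
    Dim d, key
    Set d = Server.CreateObject("Scripting.Dictionary")
    d.CompareMode = vbTextCompare   ' field names match case-insensitively, like Request.Form
    For Each key In Request.Form
        d(key) = Request.Form(key) & ""
    Next
    Set CopyForm = d
End Function

Set cleanForm = CopyForm()

' Payment page only: strip the one known-benign token from the one field that
' carries it. vbTextCompare makes the strip case-insensitive, matching the
' LCase() in the check. Anything else blacklisted in the field still redirects.
If cleanForm.Exists("Problem_Variable") Then
    cleanForm("Problem_Variable") = _
        Replace(cleanForm("Problem_Variable"), "VARCHAR", "", 1, -1, vbTextCompare)
End If

' Same loop as in the thread, but over the copy instead of Request.Form.
For Each fld In cleanForm.Keys
    If CheckStringForSQL(cleanForm(fld)) Then
        Response.Redirect ErrorPage
    End If
Next
%>
```

Request.Form("Problem_Variable") still holds the original value for the payment code; the copy only changes what the check sees. Because that field now bypasses part of the blacklist, any query that uses its original value should bind it as a parameter rather than concatenate it into SQL.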