468,514 Members | 1,423 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,514 developers. It's quick & easy.

Asp form filtering

Hi,

I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. Its not working? Have a look:
<%

'Declare all the variables and assign them to their respective text
inputs on the feedback.asp page

dim formall : request.Form("x_name") + request.Form("x_email") +
request.Form("x_subject") + request.Form("x_comments")
'Use the In-String Function to detect on html open or close tags found
in the input boxes. If so, Don't send e-mail

if (Instr(formall,">")) OR (Instr(formall, ";")) Then

response.redirect("test2.html") 'Just a test
end if

%>


If anyone can help, it would be good!!
jf

Jul 28 '05 #1
4 1835
Why don't you do this with client-side JavaScript, before the submit? You
can use regular expressions there and you will prevent (a) server activity
and (b) the user having to wait for the submission to be rejected by the
server.

What is wrong with semi-colon (;), btw?
"jfancy-Transport Canada" <ju*********@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
Hi,

I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. Its not working? Have a look:
<%

'Declare all the variables and assign them to their respective text
inputs on the feedback.asp page

dim formall : request.Form("x_name") + request.Form("x_email") +
request.Form("x_subject") + request.Form("x_comments")
'Use the In-String Function to detect on html open or close tags found
in the input boxes. If so, Don't send e-mail

if (Instr(formall,">")) OR (Instr(formall, ";")) Then

response.redirect("test2.html") 'Just a test
end if

%>


If anyone can help, it would be good!!
jf

Jul 28 '05 #2
Use Regular Expressions (RegEx), the following has code you can adapt to
your use.

#2344: How do I highlight words in a string?
http://aspfaq.com/show.asp?id=2344

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"jfancy-Transport Canada" <ju*********@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
Hi,

I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. Its not working? Have a look:
<%

'Declare all the variables and assign them to their respective text
inputs on the feedback.asp page

dim formall : request.Form("x_name") + request.Form("x_email") +
request.Form("x_subject") + request.Form("x_comments")
'Use the In-String Function to detect on html open or close tags found
in the input boxes. If so, Don't send e-mail

if (Instr(formall,">")) OR (Instr(formall, ";")) Then

response.redirect("test2.html") 'Just a test
end if

%>


If anyone can help, it would be good!!
jf

Jul 28 '05 #3
Have you considered allowing those characters and just Server.HtmlEncode'ing
the strings whenever you need to display them?

Ray at work

"jfancy-Transport Canada" <ju*********@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
Hi,

I'm looking for an asp page to detect if there are any characters in my
contact form that shouldn't be there. For example, if there is a "<"
character, then this may mean there is html in my contact form, which
is not good. I want to build a string that has all the values of my
textboxes in my contact form. Its not working? Have a look:
<%

'Declare all the variables and assign them to their respective text
inputs on the feedback.asp page

dim formall : request.Form("x_name") + request.Form("x_email") +
request.Form("x_subject") + request.Form("x_comments")
'Use the In-String Function to detect on html open or close tags found
in the input boxes. If so, Don't send e-mail

if (Instr(formall,">")) OR (Instr(formall, ";")) Then

response.redirect("test2.html") 'Just a test
end if

%>


If anyone can help, it would be good!!
jf

Jul 28 '05 #4
jfancy-Transport Canada wrote:
I'm looking for an asp page to detect if there are any characters in
my contact form that shouldn't be there. For example, if there is a
"<" character, then this may mean there is html in my contact form,
which is not good. I want to build a string that has all the values
of my textboxes in my contact form.


What's wrong with a user submitting any character that pleases him? I
suggest you familiarize yourself with Server.HTMLEncode.

http://msdn.microsoft.com/library/en...f4ee5853a7.asp

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.
Jul 28 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by CSDunn | last post: by
2 posts views Thread by Sean | last post: by
reply views Thread by Lyn | last post: by
reply views Thread by NPC403 | last post: by
1 post views Thread by fmendoza | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.