Hi
I run a small business on my own, everything from deliveries to coding
the webshop. This limits the time I can spend on coding, so I hope I'm
not asking to stupid questions.
At present I'm (re)writing "data sanitation" to stop dangerous user
input (from the order form, other input has already been taken care of)
I want some caracters to be removed or changed, like ' which could be
found in some names (Mac'Donald)
So I've started out like this:
--------
dim i,koll,test
For i = 1 to Request.Form.Count
replace(Request.Form(i), "'", "")
if len(Request.Form(i)) > 45 and Request.Form(i) <>
Request.Form("message") or len(Request.Form("message")) > 245 then
session("var") = "order.asp"'to know where in terrlog.asp
Server.Execute("terrlog.asp") 'logs the incident
response.redirect ("terror.htm")'custom error message
end if
Koll = Request.Form(i)&koll'concatenate to later check for unwanted
caracters and if found show terror.htm like above
next
--------
I've tested to use Request.Form.item(i) and in case Request.Form cannot
be changed to put it in a variable
test = Request.Form.item(i)
I've also tested to replace with an x not just with nothing
-------
Invariably this gives the 0x800A0414 error
Microsoft VBScript compilation (0x800A0414)
Cannot use parentheses when calling a Sub
at the replace. Without the replace it works fine.
I don't really see that asfaq 2115 applies here but I've tested to use
Call replace(Request.Form(i), "'", "")
No error - but also no action, the ' is not replaced.
If I get this working a few more caracters and/or words are to be
changed
Any help appreciated.
Mats
PS I posted this before but something went wrong so it did not appear.
In case this appears as a second posting I apologize
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!