security checking on input string

Hello all,
I'm very much an SQL noobie and would appreciate any help I can get on this one...

I need to do a security check on an input string whereby if any character outside the valid range appears, the string is rejected.
The valid range is defined as:
a-z, A-Z,0-9 and the characters <space> <comma> <apostrophe> <comma><full-stop><colon> and <semi-colon>.

So I am trying to create a stored procedure with logic comparable to the lines of this (very rough) pseudocode:

FOR EACH character in string
IF character is not valid
reject string;
(end of loop)
Accept string

What is the best way to do this in T-SQL??
I'm guessing looping through the characters is not the best option.

Many thanks for any help,
Joe
Nov 8 '07 #1
iburyak
Try something like this:

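    -- Strip spaces and commas first, then look for any character outside the bracketed set.
    Declare @Str varchar(100)
    Set @Str = 'adfa(f'
    -- [^...] matches one character NOT in the set; the commas inside the brackets are literal characters.
    If Replace(Replace(@Str, ' ',''),',','') like '%[^A-Z,a-z,0-9,!,:,;,'',"]%'
        print 'Bad'
    else
        print 'Good'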
Replace will take care of <space> and <comma>.
I am not sure what <full-stop> is.
See http://www.asciitable.com/

Good Luck.
Nov 8 '07 #2
ck9663
You might want to create a CHECK constraint for this one. Otherwise it'll keep on happening.
Nov 9 '07 #3
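
The allow-list check from reply #2, combined with the CHECK constraint suggested in #3, as an added T-SQL example that is not part of the original thread. The table, column, constraint and procedure names are hypothetical; the binary collation is an addition so that the a-z ranges match by code point rather than by dictionary order.

```sql
-- Added example, not code from the thread. All object names are hypothetical.
-- Allowed set from the question: a-z, A-Z, 0-9, space, comma, apostrophe,
-- full stop, colon and semicolon. Anything else causes rejection.
-- Under a dictionary collation, accented letters sort inside a-z and would
-- pass the range test; a binary collation compares code points instead.

CREATE TABLE dbo.Comments (
    CommentId   int IDENTITY(1,1) PRIMARY KEY,
    CommentText varchar(200) NOT NULL,
    -- The constraint enforces the rule for every writer, not only for
    -- callers that go through the stored procedure below.
    CONSTRAINT CK_Comments_AllowedChars CHECK (
        CommentText COLLATE Latin1_General_BIN2
            NOT LIKE '%[^a-zA-Z0-9 ,''.:;]%'
    )
);
GO

CREATE PROCEDURE dbo.AddComment
    @Text varchar(200)
AS
BEGIN
    SET NOCOUNT ON;

    -- [^...] matches a single character that is NOT in the set, so one
    -- pattern match replaces the per-character loop from the question.
    IF @Text IS NULL
       OR @Text COLLATE Latin1_General_BIN2 LIKE '%[^a-zA-Z0-9 ,''.:;]%'
    BEGIN
        RAISERROR('Input contains a character outside the allowed set.', 16, 1);
        RETURN 1;
    END;

    INSERT INTO dbo.Comments (CommentText) VALUES (@Text);
    RETURN 0;
END;
GO

-- Constructed sample inputs:
EXEC dbo.AddComment @Text = 'O''Brien, Joe: ok; done.';  -- only allowed characters
EXEC dbo.AddComment @Text = 'adfa(f';                    -- contains '('
EXEC dbo.AddComment @Text = 'café';                      -- contains an accented letter
```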
