I have forms and photo upload features in my website. I'm using IIS 5.1 in Windows XP Pro. What do I need to add into my code to validate user input? I had SQL injection attack before, now I use replace function to remove any malicious words such as SELE, DELE, Ad, etc.. to prevent SQL injection attack. Are there any other attacks which it can be triggered in a text input field? What do I need to do to prevent it?
I also have a photo upload feature, it allows user upload photos to my table and the photo will be displayed in the gallery. How can I validate the user upload file is image file only? I mean user might be able to upload malicious scripts, virus to my server. How can I prevent that?
What is the best way to handle user input into a form which passes info to an .asp application. The problem I have is if somebody enters in "dave's" the asp code breaks because of the ' in the input field. What is the best way to handle this kind of input?
I'm using the following code and if someone enters something in the "instructions" field with characters -"', - it causes the SQL statement to change using those characters.
Does anyone know if its possible to create and email HTML forms. Email recipients would then input information to these forms in the same way that they would on a web page. Pressing the submit button would mail the form back, after which it would be separately submitted to an ASP page on the web server for processing.
The main reason for this is so we don't have all the issues associated with firewalls and security to deal with. Our corporate mail servers will strip out viruses so that not a problem.
I have a form that I am trying to append to include a CAPTCHA validation field.
I have added the CAPTCHA code to the end of the form itself and now I am struggling to make the processor do a couple of things:
***If the CAPTCHA validates as well as all the form input data>>confirmation page and send appropriate email.
***If the form is filled out, but the CAPTCHA authentication is wrong>>go back to the same page, keep the form filled out, and give one more chance to correctly enter the CAPTCHA field.
***If the form is being spammed.......fail and die gracefully.
ASP without Access database (my webserver does not support this). I'm looking for some ASP code that can show a calendar on a webpage. The people looking at the page should be able to type in a small message and a date and then send the info to the webpage. which then updates itself.
I have a more specific example of my needs. Often when I need to arrange a meeting with friends, then I send out a mail to ex. 10 persons. They can choose between 3 different days and I want to find the day that most people can come.
Instead of getting mails back and evaluate thise, I would like them to make their reservation on the asp-webpage. This way the others can follow the "favorite" day that is accurring when a few people has typed their favorite meetingday. Hope this was understandable.
I have written a function to validate user input, so that it properly returns a valid time if the user inputs 1600 or 16:00 or 4:00 pm the time is properly formatted (it may need a little more tweaking, but you get the idea) This is the function : Code:
I have a HTML page with a form on it. I have an ASP page that processes what a user has entered into the form (updates a database etc).
I now need a page that fits between these two pages to pre-process�the users input. I need to do it this way because I am not allowed to change either of the two existing pages.
I know how to read what the user has input into the form and I know how to pass control onto the next page.
What I have not been able to work out is how to change the user input and have those changes passed onto the next page as if nothing has happened (that is, the original ASP page just performs its request.form(�item�) calls as it always has but instead of seeing what the user actually typed in, it should see the changed text as created by the new pre process� page)
I have tried using a regular expression replace but can only successfully make this change a variable and not the original form input. Equally I cannot find a way of swapping the original form input string with the output variable from the replace.
I am working on a web application that uses both asp classic and asp.net pages. We need to validate user input to avoid attacks like sql injection. Can a component be created that both page types can use? Is that the best approach? Would I simply use pattern matching to validate strings and/or remove any unwanted characters?
write a simple function to check the user input from a form. I need to check that the string contains only numbers, has a maximum leght of say 15 and that the first number is zero.
A field such as name was created to perform a search to find a person. However, if that person is not found, the user can click on the add button and it automatically populates that last name field in the add student form.
Is that possible to do the same with the student id number - by putting in the student id number and if not found click on the add button and the student id is populated on the next form? If so, how? Any tutorials would be very helpful?
Isn't there some line of code that I can write to tell ASP to treat everything between BLAH and /BLAH as text (including the apostrophe). So that users can type a name of "O'Malley" in a form and I can retrieve it and store it in my database.
How to select query according to User Input for a WebPage in C#.Net with SQL Server 2000.I am trying to build a web page in C#.NET with SQL Server 2000 using Visual Web Developer 2005. I want to select and execute the query according to user input.
I have a form which has 2 textboxes which gets start date and end date from the user. Based on start/end date my 1st query runs. Now if user does not enter any start/end date I want to run another query which takes default dates from database(which is in varchar:ex. now()/now()-180) according to logged on user's permisstions.
I have a little code to add multiple items to a shopping cart based page. This code works perfect, but it adds all of the info to the same input fields every time it loops. I need it to change the input names each time it loops. Here is the code:
Create the following code from database but does not validate on enter - I am using ShadowWizards validation code.
<Input fields so work however I will need dropdown and radio buttons to be validated also.
I really like the work ShadowWizard has put in and would like to continue in the same neat, cleaver coded way!
I did validate the few fields with ASP but Yahoo toolbar stops people going back on forms and therefor would not work on all PC's, typically the bosses and now he seems to want it asap so any javascript solution? Code:
I have being working with making an edit field over the past few days. The edit function is now working fine. The edit fields that i have are for id, subject, notes, timedate.
All of the edit screens are one line text screens. What I want to do now is increase the size of the notes box to a larger textarea type box to make it easier to edit notes. The notes field in the db is a textarea field. Code:
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM to manage account users - the site has a page that allows people to create an account (much like any site). The page populates the AD with all the information and the user account but I am unable to enable the account. Microsoft has information on how to do that here --> http://msdn.microsoft.com/library/d...ting_a_user.asp (the sample is for Visual Basic) - and I am unable to complete the bottom portion of the script. Can some one point me in the right direction - or can you tell me how I can add a snippet of VBscript code to an ASP.NET page.
I am using the Active DS Type library - not sure why there are multiple ones (System.DirectoryServices) but it is rather confusing - I seem to accomplish one thing with one and another with the other (they did have trouble co-existing however). Anyway my script works very well but I am not able to access the properties required to enable the account.
Here is a simple version (no error checking) of the code.....
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
I have an input box that sends data over to the next page. This input box was in a loop, there creating data looking like this: 2, 0, 0, 3, 0, 4, 0, 22, 0, 0, 0
How do i break the data up in such a way that i can populate it into my db while running through a recordset?
i create a dynamic table to modify user/account for administrative management. I have modify & delete function to be performed.
The idea is that when the admin click the Delete link, he can delete a particular account/user. is it possible to pass variable of buff value to recID??
because when i see the result of request.querystring("recID"), i does not pass the mumerical value sound pretty simple but i can't get it. Code:
I am looking for something similar to "preg_match" and "preg_match_all" in PHP.
I have searched the forum with no luck. I hope you are able to give me some pointers
Basically I want to match some text from a form and loaded it into new variables making use of regular expressions. the text comes form a textarea input type. Code:
I have a bummer here. I have 3 sub R. that I need to call from a input button. I set up the following line, but the script just calls them with out having the button pressed. OOOO! Any ideas?
Is there any way to clean the user input before saving to the database.I tried to use..
Function StripNonNum(strInput) Dim regEx Set regEx = New RegExp regEx.Pattern ="^[w-.]{1,}@([da-zA-Z-]{1,}.){1,}[da-zA-Z-]{2,3}$" regEx.IgnoreCase = True regEx.Global = True StripNonNum = regEx.Replace(strInput, "") End Function
But It doesn't work when user cut&paste the information to screen.For eg.Cut&Paste from a CV which contains Bullet points is there any way to remove these bullet Points before data saving..
Code: <input type="radio" name="dewey_loc" value="dewey" onClick="toggledewey()" checked>Dewey Can't seem to work out how to call an ASP/VBSCRIPT function from within html, is this able to be done? Can call JS without issue, but need to change a Session variable when this radio button is clicked.
I have found that places double quotes ' "text" ' around text inside (INPUT) tags results in everything after the initial quote, '"' gets truncated. I'm passing the form information to another form to allow the user to look over and validate what they're submitting, then they will click the submit button to send it all along. I'm finding that in the validation form, the quoted text inside the (INPUT) tag gets truncated. However, the quoted text inside a TEXTAREA tag does not.
i have a software application and i have to import around 250 users data into the app. I want to automate this step,it the most common info like FN,LN,e-mail etc. The app runs on IIS and uses ASP. I am looking for a GUI input Automation tool which will have scripting capability to take input from a text file and fill the user input fields "automagically".can testing tools like winrunner do this for me?
I am in the process of writing a website which has an access database and uses asp to access it. Part of the site is a search facility. I have heard that it is possible for hackers to gain access to the database by entering SQL in to the search box. First of all is this possible? Secondly if it is possible, what sort of syntax should i be checking for on the text entered in to the search field
