I have written a function to validate user input, so that it properly returns a valid time if the user inputs 1600 or 16:00 or 4:00 pm the time is properly formatted (it may need a little more tweaking, but you get the idea) This is the function : Code:
View RepliesI am working on a web application that uses both asp classic and asp.net
pages. We need to validate user input to avoid attacks like sql injection.
Can a component be created that both page types can use? Is that the best
approach? Would I simply use pattern matching to validate strings and/or
remove any unwanted characters?
I am aware of the vb function IsDate()... However, I want to check that the value from the form is ONLY a time in the following format hh:mm...
Any way of doing this? (Other then using two dropdowns with predefined hours and minutes?
I'm using the following code and if someone enters something in the "instructions" field with characters -"', - it causes the SQL statement to change using those characters.
Dim strSQLadd
strSQLadd = "INSERT INTO orders" &_
"(form_number, orig_number, order_loannum, order_date, order_time, order_address, order_city, order_zip," &_
"order_contact, order_lockbox, order_agent, order_homephone, order_workphone, order_cellphone," &_
"order_legal, order_instructions, order_deliver, order_pay, order_altmail, order_appraiser) " &_
"VALUES (" & FormNum & "," & OrigNum & ",'" & CaseNum & "','" & OrderDate & "','" & OrderTime & "','" & pave & "','" & City & "','" &_
Zip & "','" & Owner & "','" & LockBox & "','" & Agents & "','" & BorHmP & "','" & BorWrkP & "','" &_
BorCellP & "','" & Legal & "','" & Instruct & "','" & DeliverType & "','" & Payment & "','" & AltMailType & "','" & AppName &"');"
objconn.Execute (strSQLadd)
Does anyone know if its possible to create and email HTML
forms. Email recipients would then input information to
these forms in the same way that they would on a web
page. Pressing the submit button would mail the form
back, after which it would be separately submitted to an
ASP page on the web server for processing.
The main reason for this is so we don't have all the
issues associated with firewalls and security to deal
with. Our corporate mail servers will strip out viruses
so that not a problem.
I have a form that I am trying to append to include a CAPTCHA validation field.
I have added the CAPTCHA code to the end of the form itself and now I am struggling to make the processor do a couple of things:
***If the CAPTCHA validates as well as all the form input data>>confirmation page and send appropriate email.
***If the form is filled out, but the CAPTCHA authentication is wrong>>go back to the same page, keep the form filled out, and give one more chance to correctly enter the CAPTCHA field.
***If the form is being spammed.......fail and die gracefully.
Here is the processor code thus far: Code:
What is the best way to handle user input into a form which passes info to an .asp application. The problem I have is if somebody enters in "dave's" the asp code breaks because of the ' in the input field. What is the best way to handle this kind of input?
View Replies View RelatedASP without Access database (my webserver does not support this). I'm looking for some ASP code that can show a calendar on a webpage. The people looking at the page should be able to type in a small message and a date and then send the info to the webpage. which then updates itself.
I have a more specific example of my needs. Often when I need to arrange a meeting with friends, then I send out a mail to ex. 10 persons. They can choose between 3 different days and I want to find the day that most people can come.
Instead of getting mails back and evaluate thise, I would like them to make their reservation on the asp-webpage. This way the others can follow the "favorite" day that is accurring when a few people has typed their favorite meetingday. Hope this was understandable.
I have forms and photo upload features in my website. I'm using IIS 5.1 in Windows XP Pro. What do I need to add into my code to validate user input? I had SQL injection attack before, now I use replace function to remove any malicious words such as SELE, DELE, Ad, etc.. to prevent SQL injection attack. Are there any other attacks which it can be triggered in a text input field? What do I need to do to prevent it?
I also have a photo upload feature, it allows user upload photos to my table and the photo will be displayed in the gallery. How can I validate the user upload file is image file only? I mean user might be able to upload malicious scripts, virus to my server. How can I prevent that?
My experience so far is limited to VBA in Windows based apps like Access, Excel etc.
Is ASP event driven like Visual Basic?
If so, can ASP cause the server time to be input into a field on a double click event?
Is there some function similar to isDate() that can be used to verify times entered.
View Replies View RelatedI have a HTML page with a form on it. I have an ASP page that processes what a user has entered into the form (updates a database etc).
I now need a page that fits between these two pages to pre-process�the users input. I need to do it this way because I am not allowed to change either of the two existing pages.
I know how to read what the user has input into the form and I know how to pass control onto the next page.
What I have not been able to work out is how to change the user input and have those changes passed onto the next page as if nothing has happened (that is, the original ASP page just performs its request.form(�item�) calls as it always has but instead of seeing what the user actually typed in, it should see the changed text as created by the new pre process� page)
I have tried using a regular expression replace but can only successfully make this change a variable and not the original form input. Equally I cannot find a way of swapping the original form input string with the output variable from the replace.
Does anyone have any ideas on this one?
I want to add the "Did you mean" - Google feature to searches on my
website.
My website lets users search for a business using different
parameters.
If there is no match, I want to do a spell check on the entered
parameters.
I need to be able to check words with an english dictionary as well as
add words(business names) to the dictionary. Code:
This problem only occur when ppl using NetScape 7.2 I've tested it myself and it works in IE and it DOESN"T work in NetScape 7.2 Here is the code:
View Replies View Relatedwrite a simple function to check the user input from a form. I need to check that the string contains only numbers, has a maximum leght of say 15 and that the first number is zero.
View Replies View RelatedIsn't there some line of code that I can write to tell ASP to treat everything between BLAH and /BLAH as text (including the apostrophe). So that users can type a name of "O'Malley" in a form and I can retrieve it and store it in my database.
View Replies View RelatedHow to select query according to User Input for a WebPage in C#.Net with SQL Server 2000.I am trying to build a web page in C#.NET with SQL Server 2000 using Visual Web Developer 2005. I want to select and execute the query according to user input.
I have a form which has 2 textboxes which gets start date and end date from the user. Based on start/end date my 1st query runs. Now if user does not enter any start/end date I want to run another query which takes default dates from database(which is in varchar:ex. now()/now()-180) according to logged on user's permisstions.
How to select query ?
In our legacy asp/web-application, we have
date/time-input form in USA style
(i.e. mm/dd/yyyy and 12hour-scale time with AM/PM).
There is also some validation code on client side,
and then submitted data are used in MSSQL queries.
Now I would like to know about how to generate locale-dependent
HTML form layout, and what ready-made ASP code could I borrow
for this task.
is it possible to time how long a user has spent on a page and when the user exists the page an new entry is added to a database.
View Replies View Relatedi developing a web site and having a login function. i want my web site to track down the time between a user logged in and log out the website and stored it into database. when next time the user come in again, the time he spent in the web site will add on to the record in the database. may know where i can look for the information about this function or coding to refer?
View Replies View RelatedI have a little code to add multiple items to a shopping cart based
page. This code works perfect, but it adds all of the info to the
same input fields every time it loops. I need it to change the input
names each time it loops. Here is the code:
I have being working with making an edit field over the past few days. The edit function is now working fine. The edit fields that i have are for id, subject, notes, timedate.
All of the edit screens are one line text screens. What I want to do now is increase the size of the notes box to a larger textarea type box to make it easier to edit notes. The notes field in the db is a textarea field. Code:
I got this login script and I edited it all and it seems to
run fine...IE it listens to the script as far as permissions go when I
place a restriction on a page and when you login it redirects. But
first it doesn't tell you that you're logged in and doesn't provide a
logout feature.
And most importantly if I type in a random username and password not
listed in the database it doesn't seem to matter it still "lets me
login"
I think it may have something to do with my database connection. I
am using an SQL database/server ADO connection. But I don't know if
I entered it right in the code. Code:
I've modified this form to my liking but would like to validate the fields as the user continues from page to page. Does anyone know what I need to do to the code in order for this work? Code:
View Replies View Relatedive gota a input box where i can enter in numbers- which load info from a db, but i want to validate the data entered so that the code will be able to show an error message when letters are entered. Is there any way of doing this??
View Replies View Relatedwhats the best way for me to validate the data that has been put into a form on my page?
View Replies View Relatedhow to compare the date entered in a textfield and the present date.i tried a sample program but it doesnt work and returned "not".its my first time to encounter date processing
code:
textfield value=1/8/2005 //what i've entered
if date_entered=date() then
Response.Write("present")
else
Reponse.Write("not")
end if
I'm trying to get my page in order using the HTML validator at www.w3.org.It reports problems in my using the ampersand '&' in the following statement. Should I be using someting other than the '&'..?
<a href="search.asp?title=Hot%20Stuff&artist=Bob&OrderBy=desc&status=av">
-------------------------------------^----------^------------^
Line 220, column 67: cannot generate system identifier for general entity
"artist"
Line 220, column 80: cannot generate system identifier for general entity
"OrderBy"
Line 220, column 93: cannot generate system identifier for general entity
"status"
I would have asked the HTML group, but I figured they may not know ASP.
It's good practice to validate input, not only where it should be coming from, but from anywhere it's possible to change or add input for a "client". If all user input is transfered using "post" you can be pretty tough on querystrings, if you use them at all.
But user input could have a name like Mc'Donald, and we would not like quotes (wether single or double) in input to a database or an asp script. Though I beleive more dangerous in SQL server there should be (?) a danger with access as well. (The infamous SQL injection) Anyone with some "input" in this matter? Escape caracters? Haven't found any. Changing the caracter "scriptwise"? Maybe
how can i validate a string so that it have only the characters of ASCII 32 to 91 and 93 to 122 ? Also if the string contains the comma (,) the whole string should be converted inside the quotes ("")
i.e.
if the string is: example string, Ok,it should be: "example string, Ok".
if I could get some guidance as to the best way to validate a date entered by a user on an asp form format dd/mm/yy. The date is then stored in a Access table. I would like to validate it to prevent the unfriendly error message if date has been entered incorrectly.
View Replies View RelatedHow can i validate that an input to a field is a number?
View Replies View Relatedsome vbscript coding on on the server side which states sumthing on the lines of if chkbox is checked then textfield should be not null.
View Replies View Related