knuckle05


Form validation against SQL injection and HTML tags

Hi All,

I'm kind of new to JavaScript and was wondering if anyone had a function that could validate user input.

I'm not concerned about phone numbers and the like so much at this point, I just want to make sure that my field input does not contain HTML tags or script that could be used in an SQL Injection attack.

If I'm forgetting any other type of security issues that could be validated against, please advise.

Thanks a lot.

ASKER CERTIFIED SOLUTION
pD_EO

This solution is only available to members.
CVSmarc

Yep, I agree, definitely do this validation server side. JavaScript validation should only be used as a nicety/to help the user, not as the last line of defense. If you are assuming that JavaScript validation is infallible (as in that you can't get around it) then you are opening yourself up to some pretty nasty surprises from someone who comes to your site and knows what they are doing.

If you need it for some other reason then you could use something like this.
<html>
<head>
<script>
// Sample input containing single quotes
var strGlbWord = 'hello \' \'\' ';

// Returns strWord with every single quote doubled ('' is the escaped form
// of a quote inside an SQL string literal)
function RepaceChar( strWord ) {
    var strCharToRemove = '\'';
    var regExp = new RegExp('['+ strCharToRemove +']','g');
    return strWord.replace(regExp,'\'\'');
}
</script>
</head>
<body>

<input type="button" onclick="alert( RepaceChar( strGlbWord ) );" value="Click Me" />

</body>
</html>

ant
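
Added example, not part of the original thread: a sketch of the server-side handling the reply above recommends, run on the raw request body so it applies whether or not the browser executed any JavaScript. The field name `comment`, the `comments` table, the length limit and the `$1` placeholder style are assumptions; the value is passed as a bound parameter instead of being quote-escaped into the SQL text, and is HTML-encoded only at output time.

```javascript
// Added example: server-side handling of one form field, independent of any
// browser-side check. Field, table and column names are hypothetical.

const MAX_LEN = 100; // assumed limit for this field

// Encode the five characters that are significant in HTML so the value is
// displayed as text instead of being parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validate the raw request body as the server receives it. A client that
// skips the page's JavaScript sends exactly this kind of string.
function handleSubmit(rawBody) {
  const params = new URLSearchParams(rawBody);
  const comment = params.get('comment');
  if (comment === null || comment.trim() === '') {
    return { ok: false, error: 'comment is required' };
  }
  if (comment.length > MAX_LEN) {
    return { ok: false, error: 'comment is too long' };
  }
  // Control characters other than tab, newline and CR are rejected.
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(comment)) {
    return { ok: false, error: 'comment contains control characters' };
  }
  return {
    ok: true,
    // The statement text is constant; the value travels separately as a
    // bound parameter, so quotes in it are never parsed as SQL. Placeholder
    // syntax ($1, ?, :name) depends on the database driver in use.
    query: { text: 'INSERT INTO comments (body) VALUES ($1)', values: [comment] },
    // What to write into an HTML page when the value is shown back.
    html: escapeHtml(comment),
  };
}

// Constructed sample input: a value containing a quote and a tag.
const sample = 'comment=' + encodeURIComponent("O'Brien <b>hi</b>");
console.log(handleSubmit(sample));
```

The stored value keeps its quote and angle brackets unchanged; only the HTML rendering is encoded.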