• Status: Solved

ASP code filter

I am after suggestions for a good piece of code/script/plugin for checking/cleaning text that a user can enter, to ensure there is no injection or potentially unwanted entry.

I have an ASP site that users can log into and update their profile information. I would like them to be able to enter some HTML formatting rather than straight text only; however, I need to ensure that they can't be malicious and inject anything.
One solution I had was to give them a standard format, e.g. Leadtext, Bullet point 1, Bullet point 2, Bullet point 3, Bullet point 4, EndText. However, this is little better than what I have now.

Any suggestions, guys?
Points will be split amongst all that offer good advice.
Please bear in mind that I am by no means an experienced programmer.

Cheers
Andrew
 
Dirar Abu Kteish Commented:
This is a free plugin that can be easily installed and has a lot of useful functions for working with strings:
http://www.chilkatsoft.com/refdoc/xCkStringRef.html

And an example page:

http://www.example-code.com/asp/aspstring.asp
 
Andrew Davis (Manager, Author) Commented:
Thanks for that, dxz2. It looks like they have some interesting tools. However, I had a look at the tool and it appears to me that it can strip the HTML tags altogether; I want the users to be able to use HTML, but I need it checked to ensure there are no nasties in it, e.g. database injection.

Cheers
 
Dirar Abu Kteish Commented:
Check this URL, which explains how you can protect yourself from SQL injections: http://www.4guysfromrolla.com/webtech/061902-1.shtml
 
dosth Commented:
http://www.ariel.web.id/blog/2007/03/15/checking-refferer-prevent-html-form-hijacking/

Also, before saving the user input to the database, check for any <script></script> tag; usually injections are done with this tag. Use the InStr function to check whether any <script> tags are there and tell the user to remove the tags.

http://www.w3schools.com/Vbscript/func_instr.asp
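
One allow-list way to do what the question asks, as an added example that is not from any of the posts above: it encodes all input, re-enables a short list of attribute-free formatting tags, and stores the text with a parameterized ADO command. The table, column, session and form-field names are assumptions.

```vbscript
<%
' Added example, not code from the thread.
' Allow-list filter: HTML-encode everything, then re-enable only a fixed
' set of formatting tags, and only when they carry no attributes.
Function SafeHtml(ByVal s)
    Dim re, tag
    s = Server.HTMLEncode(s & "")
    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True
    For Each tag In Array("b", "i", "u", "p", "ul", "ol", "li", "br")
        ' Once encoded, a bare <b> or </b> reads &lt;b&gt; or &lt;/b&gt;.
        ' <b onclick=...> contains more than whitespace, so it stays encoded.
        re.Pattern = "&lt;(/?)" & tag & "\s*/?&gt;"
        s = re.Replace(s, "<$1" & tag & ">")
    Next
    SafeHtml = s
End Function

' Store the text through a parameterized command so it is never
' concatenated into the SQL string. Profiles, ProfileText and UserId are
' hypothetical names; conn is an already open ADODB.Connection.
Sub SaveProfile(conn, userId, profileText)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                                   ' adCmdText
    cmd.CommandText = "UPDATE Profiles SET ProfileText = ? WHERE UserId = ?"
    ' 202 = adVarWChar, 3 = adInteger, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("@text", 202, 1, 4000, Left(profileText & "", 4000))
    cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, , CLng(userId))
    cmd.Execute , , 128                                   ' adExecuteNoRecords
End Sub

' Constructed sample input: allowed tags mixed with markup that must not render.
Dim sample
sample = "<p>Lead text</p><ul><li>Point 1</li></ul>" & _
         "<script>alert(1)</script><b onclick=""x()"">bold</b>"
Response.Write SafeHtml(sample)
' To persist (hypothetical session key and form field):
' SaveProfile conn, Session("UserId"), Request.Form("profile")
%>
```

The stored text stays raw and SafeHtml is applied each time the profile is rendered, so widening or narrowing the tag list later needs no data migration.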
 
dosth Commented:
Thanks