String Validation for Sqlinjection - C# Snipplr Social Repository

Revision: 5143

at February 14, 2008 00:34 by jags_sonawane

Initial Code

public bool InvalidChars(string sInput)
 {
     bool functionReturnValue = false;
    
     //Declare variables
    
     object sBadChars;
     object iCounter;
    
     //Set functionReturnValue to False
    
     functionReturnValue = false;
    
     //Create an array of invalid characters and words
    
     sBadChars = array("select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%", 

"&",
     "'", "(", ")", "/", "\\", ":", ";", "<", ">", "=",
     "[", "]", "?", "`", "|");
    
     //Loop through array sBadChars using our counter & UBound function
    
     for (iCounter = 0; iCounter <= Information.uBound(sBadChars); iCounter++) {
        
         //Use Function Instr to check presence of illegal character in our variable
        
         if (Strings.Instr(sInput, sBadChars(iCounter)) > 0) {
            
             functionReturnValue = true;
            
         }
        
     }
     return functionReturnValue;
    
 }

Initial URL

Initial Description

Initial Title

String Validation for Sqlinjection

Initial Tags

sql

Initial Language

C#

Choose a language for easy browsing: