Advanced Search

String Validation for Sqlinjection

/ Published in: C#
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. public bool InvalidChars(string sInput)
  2.  {
  3.      bool functionReturnValue = false;
  4.  
  5.      //Declare variables
  6.  
  7.      object sBadChars;
  8.      object iCounter;
  9.  
  10.      //Set functionReturnValue to False
  11.  
  12.      functionReturnValue = false;
  13.  
  14.      //Create an array of invalid characters and words
  15.  
  16.      sBadChars = array("select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%", 
  17.  
  18. "&",
  19.      "'", "(", ")", "/", "\\", ":", ";", "<", ">", "=",
  20.      "[", "]", "?", "`", "|");
  21.  
  22.      //Loop through array sBadChars using our counter & UBound function
  23.  
  24.      for (iCounter = 0; iCounter <= Information.uBound(sBadChars); iCounter++) {
  25.  
  26.          //Use Function Instr to check presence of illegal character in our variable
  27.  
  28.          if (Strings.Instr(sInput, sBadChars(iCounter)) > 0) {
  29.  
  30.              functionReturnValue = true;
  31.  
  32.          }
  33.  
  34.      }
  35.      return functionReturnValue;
  36.  
  37.  }

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.