Posted by david on 2. March 2009 10:43
I’m not sure how all this works … seems like – well javascript can be denied by the browser. that would bypass the injection prevention. KT asked for vbscript to do this … meaning that vb can’t be turned off?
Here’s the answer:
At this point, you should be starting to see the potential of ASP form handling. For example, you can check the validity of form fields with server-side ASP instead of using client-side JavaScript. If the user has a browser that does not support JavaScript or they have it turned off, your ASP web page will still be smart enough to validate their submitted data. ( source )
wondering now about building a side file. a function. it would take a string, check it, return true or false.
I bagged all of the above & just started to rebuild the page from scratch.
2009_03_01_002
More...
Posted by david on 1. March 2009 14:04
Looking into form field validation for a friend. He’s running classic ASP to a SS2005 db - the problem at hand is how to validate a text field, comments, to make sure someone hasn’t plugged any nastiness into the string.
Before I realized he was coding with ASP, I looked at the ASP.NET 3.5 validator controls. Was pretty fun – here is my test page … using regular expressions to validate the input. There’s miles & miles more to do – but was a nice start.
Then I realized he was using ASP. I didn’t realize how different ASP was … never used it before, that I remember … so started plugging around. More...