
Thread: RE: Scrubbing user inputs




United States
2008-07-18 11:10:43
Write a "replace" loop that goes through all the possibly offending chars (chr(n)) and removes them?

Write a replace loop that takes OUT anything NOT in a string of allowed characters? (Parse the comment field char by char ... if the selected char is NOT in the desired allowed-string, remove it ... as in, build a new string without the offending chars, leaving the old string untouched ... then enter the new string into the db) ...
(You can leave in / remove carriage returns, tabs, other chars ... sub in your own secret code, then replace that on the database side ... you can get very clever with strings ... just program what you would do _manually_ if given the string and all chars were visible.)
 

Suzanne ( 2Bwy A13.32)
desk: 646-252-8663, cell: 347-907-1125

 


From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs

Hello all,

 

I’ve built a simple HTML form using the PL/SQL web toolkit that has a place for the user to include comments.

It’s been in production for months if not years.

 

Recently, we’ve experienced errors related to the content of the comments and I’ve traced it to users cutting and pasting content from MS Word directly into the web form comments field.

Even that is fine except for when the user attempts to paste in bullets.

 

I’ll have to handle this on the client-side. Any ideas?

 

 

Regards,

 

Monty
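
The allowed-characters approach from the reply above, as an added example that is not part of the original thread: typographic characters from a Word paste are mapped to plain ASCII, then anything outside the allowed set is dropped while a new string is built. The `ALLOWED` set, the `SUBSTITUTES` table and the function name `scrubComment` are assumptions chosen for illustration.

```javascript
// Allowlist scrubber for a free-text comment field (added example).
// ALLOWED and SUBSTITUTES are assumptions; adjust them to the field's needs.
const ALLOWED = new Set(
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" +
  " .,;:!?'\"()-_/@#$%&*+=\n\t"
);

// Characters a Word paste commonly carries, mapped to ASCII before
// filtering so the meaning of the text survives.
const SUBSTITUTES = new Map([
  ["\u2022", "*"],                    // bullet
  ["\uF0B7", "*"],                    // Symbol-font bullet (private use area)
  ["\u2018", "'"], ["\u2019", "'"],   // curly single quotes
  ["\u201C", '"'], ["\u201D", '"'],   // curly double quotes
  ["\u2013", "-"], ["\u2014", "-"],   // en dash, em dash
  ["\u2026", "..."],                  // ellipsis
  ["\u00A0", " "],                    // non-breaking space
  ["\r", ""],                         // keep \n, drop \r
]);

function scrubComment(input) {
  let clean = "";       // new string; the input is never modified
  const removed = [];   // code points that were dropped, for logging
  for (const ch of String(input)) {   // iterates by code point, not UTF-16 unit
    const mapped = SUBSTITUTES.has(ch) ? SUBSTITUTES.get(ch) : ch;
    for (const out of mapped) {
      if (ALLOWED.has(out)) {
        clean += out;
      } else {
        const hex = out.codePointAt(0).toString(16).toUpperCase();
        removed.push("U+" + hex.padStart(4, "0"));
      }
    }
  }
  return { clean, removed };
}

// Constructed sample: text as it might arrive from a Word paste.
const sample =
  "\u2022 First item\r\n\u2022 \u201CSecond\u201D \u2014 done\u2026 \u0007<ok>";
const result = scrubComment(sample);
console.log(JSON.stringify(result));
```

A filter that runs in the browser can be bypassed by posting to the form handler directly, so the same allowed-character check belongs in the server-side procedure as well, and the cleaned value should still reach the database as a bind variable.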
