Thread: RE: Scrubbing user inputs
United States
2008-07-21 08:40:38
Bad URL? That sounds like this is a GET request, rather
than a POST. The reason I say this is that a GET appends the form fields
to the URL, while a POST puts them in an attachment. If your <form>
tag does not have an attribute named “method” or has method=“get”,
try changing it to <form method=“post”>. You may still
need to clean up input, but this will have the additional benefit of allowing
more data – GETs only transmit a few hundred characters.
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 5:45 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
Thanks John.
I thought I needed to handle it on the client-side
because I didn’t think it was even making the trip back
due to the error msg.
The error I’m getting when bullets and such are being pasted
directly from MS Word is:
ORA-29262: bad URL
If I supply anything else, the form processes normally. Is there a
way to “see” the URL it’s assembling?
(I plan on implementing the measures Jim mentioned previously. Good
ideas.)
Monty
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of John Flack
Sent: Friday, July 18, 2008 11:11 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
Tell us a little more – what errors are you getting
– error code, additional information?
What is the datatype of the parameter to your
“action” procedure that processes input from the form? What
is the datatype of the comment column in your table? Why do you need to
handle it client-side?
I have used a “clean-up” routine that handles this
server side – it removes white space from the beginning and end of the
incoming data, changes non-printable characters to spaces, removes extra spaces
and normalizes carriage returns and linefeeds to CRLF sequences before storing
the data in the database.
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs
Hello all,
I’ve built a simple html form using the pl/sql web toolkit that has a place for the
user to include comments.
It’s been in production for months if not years.
Recently, we’ve experienced errors related to the content of the comments
and I’ve traced it to users cutting and pasting content from MS Word
directly into the web form comments field.
Even that is fine except for when the user attempts to paste in bullets.
I’ll have to handle this on the client-side. Any ideas?
Regards,
Monty
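
Added example (not part of the thread, and not John Flack's actual routine): a PL/SQL function that performs the server-side clean-up steps he lists before the comment is stored. The name clean_comment and the rule that anything outside printable ASCII counts as "non-printable" are assumptions made for illustration.

```sql
CREATE OR REPLACE FUNCTION clean_comment (p_text IN VARCHAR2)
  RETURN VARCHAR2
IS
  c_lf   CONSTANT VARCHAR2(1) := CHR(10);
  c_crlf CONSTANT VARCHAR2(2) := CHR(13) || CHR(10);
  l_in   VARCHAR2(32767);
  l_out  VARCHAR2(32767);
  l_ch   VARCHAR2(4 CHAR);
BEGIN
  -- Step 1: fold CRLF and bare CR into LF so there is one line-break form
  -- to reason about while cleaning.
  l_in := REPLACE(REPLACE(p_text, c_crlf, c_lf), CHR(13), c_lf);

  -- Step 2: change non-printable characters to spaces.
  -- Assumption: "printable" means ASCII 32..126. Under this rule tabs,
  -- control characters and pasted Word bullets all become a space.
  FOR i IN 1 .. NVL(LENGTH(l_in), 0) LOOP
    l_ch := SUBSTR(l_in, i, 1);
    IF l_ch = c_lf OR ASCII(l_ch) BETWEEN 32 AND 126 THEN
      l_out := l_out || l_ch;
    ELSE
      l_out := l_out || ' ';
    END IF;
  END LOOP;

  -- Step 3: remove extra spaces (runs of spaces, spaces beside line breaks).
  l_out := REGEXP_REPLACE(l_out, ' {2,}', ' ');
  l_out := REGEXP_REPLACE(l_out, ' ?' || c_lf || ' ?', c_lf);

  -- Step 4: strip white space from the beginning and end of the value.
  l_out := RTRIM(LTRIM(l_out, ' ' || c_lf), ' ' || c_lf);

  -- Step 5: store line breaks as CRLF sequences.
  RETURN REPLACE(l_out, c_lf, c_crlf);
END clean_comment;
/
```

The function is meant to be called inside the form's action procedure on the comment parameter before the INSERT; a NULL or empty comment comes back as NULL.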