Wrox Programmer Forums

  #1 (permalink)  
Old February 24th, 2006, 05:26 AM
javascript remove bad characters for MySQL db hit

Code:
function fix_chars(id,val)
{
    if ((typeof(val)=="undefined")||(typeof(id)=="undefined")){
        return;
    }
    if(/'/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/'/g,'');
    }
    if(/&/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/&/g,'');
    }
    if(/_/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/_/g,'');
    }
    if(/,/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/,/g,'');
    }
    if(/%/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/%/g,'');
    }
    if(/`/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/`/g,'');
    }
    if(/"/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/"/g,'');
    }
    if(/@/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/@/g,'');
    }
    if(/~/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/~/g,'');
    }
    if(/#/.test(val))
    {
        document.forms["fexp"].elements[id].value = val.replace(/#/g,'');
    }
}

<input type="text" name="depapt" id="depapt" onKeyUp="fix_chars('depapt',this.value);" />
Is there any way to cut this function 'fix_chars' down? Am I missing something?
My object is basically to remove any bad characters to stop it crashing my MySQL Database.

Picco

  #2 (permalink)  
Old February 24th, 2006, 05:48 AM

Hi Picco,

You could do something like this...
Code:
function fix_chars(textBox)
{
    textBox.value = textBox.value.replace(/['&_,%`"@~#]/g, "");
}
...
<input type="text" name="depapt" id="depapt" onKeyUp="fix_chars(this);" />
However, IMHO you should not rely on client side code to prevent db crashes as this can easily be disabled.

Also, these characters should not really be crashing your db.

HTH,

Chris

  #3 (permalink)  
Old February 24th, 2006, 09:31 AM

Thanks Chris, it was mainly the & and the ' that would crash the db, I was just being sure that the others wouldn't by filtering them out......

  #4 (permalink)  
Old February 24th, 2006, 09:39 AM

BTW, what characters WOULD crash my DB? The & and ' for sure. But what out of my function and what I've not got would crash, or cause problems with my db? Thanks for your help Chris

  #5 (permalink)  
Old February 24th, 2006, 09:52 AM

If we're talking text fields here, you should be able to insert all the above characters into a MySQL db.

Can you post the sql that's causing the problems?

Cheers,

Chris

  #6 (permalink)  
Old March 1st, 2006, 01:15 PM

Code:
choice = request("choice")
set rs2=con.execute("select * from db_stadiumname where countryname like '"&choice&"%' and languagecode = 'gb'")
Choice is coming from a text box in the previous page.

What happens is that if a bad character, for example an apostrophe, is entered and submitted then it crashes the MySQL hit and the DB.

Is this not fairly common surely, that is the reason I have built CS and SS validation to catch this...

Picco


  #7 (permalink)  
Old March 1st, 2006, 06:21 PM

You just need to replace apostrophes with two apostrophes e.g.
Code:
choice = request("choice")
If choice <> "" Then
    choice = Replace(choice, "'", "''")
End If
HTH,

Chris
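
An added example, not code from the thread: a JavaScript sketch of the query in post #6, showing why an apostrophe breaks the concatenated statement and how a constant statement with a bound parameter accepts the same input without stripping characters. The function names, the 64-character limit, the `|` LIKE escape character and the sample country name are assumptions.

```javascript
// Added example; all names below are hypothetical, not from the thread.
// Statement text never changes; '?' marks where the bound value goes.
const STADIUM_SQL =
  "select * from db_stadiumname where countryname like ? escape '|' " +
  "and languagecode = 'gb'";

// The thread's pattern: user text spliced straight into the statement.
function concatQuery(choice) {
  return "select * from db_stadiumname where countryname like '" +
    choice + "%' and languagecode = 'gb'";
}

// True when every single-quoted literal in sql is closed ('' is an escaped
// quote). Simplification: backslash escapes are not modelled.
function literalsBalanced(sql) {
  let inLiteral = false;
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] !== "'") continue;
    if (inLiteral && sql[i + 1] === "'") { i++; continue; }
    inLiteral = !inLiteral;
  }
  return !inLiteral;
}

// Post #2's browser-side filter, for comparison: it also damages valid names.
const clientFilter = (s) => s.replace(/['&_,%`"@~#]/g, "");

// Escape LIKE metacharacters so a typed % or _ matches literally,
// then append the trailing wildcard the original query used.
function likePrefix(value) {
  return value.replace(/[|%_]/g, "|$&") + "%";
}

// Server-side check plus parameter binding: the value travels separately
// from the statement, so quotes in it cannot change the statement's shape.
function stadiumQuery(choice) {
  if (typeof choice !== "string" || choice.length === 0 || choice.length > 64) {
    throw new RangeError("choice must be a string of 1-64 characters");
  }
  return { sql: STADIUM_SQL, params: [likePrefix(choice)] };
}

// Constructed sample input: a legitimate country name containing an apostrophe.
const sample = "Cote d'Ivoire";
console.log(literalsBalanced(concatQuery(sample))); // statement is malformed
console.log(stadiumQuery(sample));                  // value kept intact
```

`stadiumQuery` only builds the pair; the statement and parameter list are then handed to the database driver's prepared-statement call, which in classic ASP is an `ADODB.Command` with appended parameters.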

  #8 (permalink)  
Old March 2nd, 2006, 10:14 AM

Just wondering Chris, you mentioned that most of those chars SHOULDN'T crash my db, but surely the apos and ampersand are classic MySQL crashing characters. Are you thinking of something else?

  #9 (permalink)  
Old March 2nd, 2006, 10:30 AM

Hi Picco,

I insert apostrophes and ampersands all the time without any problems.

Cheers,

Chris

  #10 (permalink)  
Old March 6th, 2006, 08:02 AM

What SS-code are you using?
