Validation for Form and QueryString in ASP Classic using Regex. Almost working but missing something?

荒凉一梦 submitted on 2020-01-23 13:30:13

Question


I'm trying to add some Input Validation in Classic ASP by using the function/code seen below. The only one that looks like it's working correctly is the "text" type. With the others I keep getting errors or it just does not filter correctly. I'm trying to understand what I'm doing wrong. Please help me.

Valid Data Types: "email", "integer", "date", "string" and "text". The first three are obvious, the last two have slight differences.

The "email" should only allow numbers and letters, and the following characters "@" , "-" , "." , "_"

The "date" should validate by running IsDate: if True then allow, if False DON'T.

The "string" should validate text-based querystrings, allowing only letters, numbers, _, - and .

Whereas "text" is any free-form text form field type content.

The "integer" should only allow numbers and a period (.)

Usage Example: <input type="text" value="<%=MakeSafe("test@test.com</HTML>1234.5",integer,50)%>">

Eg: MakeSafe(dataInput,dataType,dataLength)

<%
'// CODE BY: dB Masters
'// FOUND AT: http://successontheweb.blogspot.com/2008/03/input-validation-for-security-in.html

Function MakeSafeConvert(encodeData)
    encodeData = replace(encodeData,"&", "&#38;")
    encodeData = replace(encodeData,"'", "&#39;")
    encodeData = replace(encodeData,"""", "&quot;")
    encodeData = replace(encodeData,">", "&gt;")
    encodeData = replace(encodeData,"<", "&lt;")
    encodeData = replace(encodeData,")", "&#41;")
    encodeData = replace(encodeData,"(", "&#40;")
    encodeData = replace(encodeData,"]", "&#93;")
    encodeData = replace(encodeData,"[", "&#91;")
    encodeData = replace(encodeData,"}", "&#125;")
    encodeData = replace(encodeData,"{", "&#123;")
    encodeData = replace(encodeData,"--", "&#45;&#45;")
    encodeData = replace(encodeData,"=", "&#61;")
    MakeSafeConvert = encodeData
End Function

Function MakeSafe(dataInput,dataType,dataLength)

    Dim regex, validInput, expressionmatch
    regex = ""
    validInput = "1"

    If dataType = "string" And Len(dataInput) > 0 Then
        regex = "^[\w-\.]{1,"& dataLength &"}$"
    ElseIf dataType = "email" And Len(dataInput) > 0 Then
        regex = "^[\w-\.]+@([\w-]+\.)+[\w-]{2,6}$"
    ElseIf dataType = "integer" And Len(dataInput) > 0 Then
        regex = "^\d{1,"& dataLength &"}$"
    ElseIf dataType = "date" And Len(dataInput) > 0 Then
        If Not IsDate(dataInput) Then
            validInput = "0"
        End If
    ElseIf dataType = "text" And Len(dataInput) > 0 Then
        If Len(dataInput) > dataLength Then
            validInput = "0"
        End If
    End If

    If Len(regex) > 0 And Len(dataInput) > 0 Then
        Set RegExpObj = New RegExp
        RegExpObj.Pattern = regex
        RegExpObj.IgnoreCase = True
        RegExpObj.Global = True
        RegExpChk = RegExpObj.Test(dataInput)

        If Not RegExpChk Then
            validInput = "0"
        End If
        Set RegExpObj = nothing
    End If

    If validInput = "1" And Len(dataInput) > 0 Then
        MakeSafe = MakeSafeConvert(dataInput)
    ElseIf Len(dataInput) = 0 Then
        MakeSafe = ""
    Else
        Response.Write "<h2>Processing Halted.</h2>"
        Response.End
    End If

End Function
%>

EXAMPLE CODE AND ERROR(S):

When I test this using the code:

<%=MakeSafe("test@test.com1234.5",email,50)%>
* Does NOT Validate Anything.


I don't get an error message but it DOES NOT Validate anything.

The OUTPUT IS : test@test.com1/27/20121234.5

SHOULD BE ONLY: test@test.com

When I test this using the code:

<%=MakeSafe("test@test.com1/27/20121234.5",date,50)%>

I don't get an error message but it DOES NOT Validate anything.

The OUTPUT IS : test@test.com1/27/20121234.5

SHOULD BE ONLY: 1/27/2012

The other two give me this error message:

<%=MakeSafe("test@test.com1234.5",string,50)%>
* ERROR!!! Wrong number of arguments or invalid property assignment: 'string'

<%=MakeSafe("test@test.com1234.5",integer,50)%>

* ERROR!!! Syntax error

Thank you so much for any help that you provide...


Answer 1:


If it's not a typo then your fault was in the second parameter of the function call.

You call the function like:

<%=MakeSafe("test@test.com1234.5",email,50)%>

which is wrong because you should "..." the second parameter too. This should work:

<%=MakeSafe("test@test.com1234.5","email",50)%>
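
Without Option Explicit, an unquoted name such as email is an undeclared variable that evaluates to Empty, so none of MakeSafe's type branches match and the input is treated as valid. The sketch below is an added example, not code from the question or the answer: IsValidInput is a hypothetical helper that rejects any unrecognised type, and applying dataLength to every type is an assumption of this example.

```vbscript
<%
Option Explicit ' an undeclared name such as a bare email now raises "Variable is undefined"

' IsValidInput is a hypothetical helper name, not part of the original MakeSafe code.
' It returns True only when dataType is a known type AND dataInput passes its check.
Function IsValidInput(dataInput, dataType, dataLength)
    Dim pattern, re
    IsValidInput = False                ' fail closed: start from "invalid"
    If Len(dataInput) = 0 Or Len(dataInput) > dataLength Then Exit Function

    pattern = ""
    Select Case LCase(CStr(dataType))
        Case "string"
            pattern = "^[\w.\-]+$"
        Case "email"
            pattern = "^[\w.\-]+@([\w\-]+\.)+[\w\-]{2,6}$"
        Case "integer"
            pattern = "^\d+$"
        Case "date"
            IsValidInput = IsDate(dataInput)
            Exit Function
        Case "text"
            IsValidInput = True         ' length was already checked above
            Exit Function
        Case Else
            Exit Function               ' unknown type (Empty, a Date value, ...) is rejected
    End Select

    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = True
    IsValidInput = re.Test(dataInput)
    Set re = Nothing
End Function

' Constructed sample calls: a quoted type, a mismatched type, and an Empty type
Response.Write IsValidInput("test@test.com", "email", 50) & "<br>"
Response.Write IsValidInput("test@test.com1234.5", "integer", 50) & "<br>"
Response.Write IsValidInput("test@test.com", Empty, 50) & "<br>"
%>
```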


Source: https://stackoverflow.com/questions/11927445/validation-for-form-and-querystring-in-asp-classic-using-regex-almost-working-b
