Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Contains HTML

Status
Not open for further replies.
transparent

transparent

Programmer
Sep 15, 2001
333
GB
Has any body written any code to check to see if a string contains HTML or SQL?

I want to ensure that my users dont try to inject HTML, Javascript or SQL into my sites content.

 
Sort by date Sort by votes
Users shouldn't be able to add Javascript or HTML into your site by default (this can be changed by setting the validateRequest tag in the page directive).

As for SQL, you should use parameters when executing SQL commands as this will prevent against SQL injection attacks.

So, basically, you shouldn't ever have to worry about it if you have coded your site correctly and with this in mind.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SGLong
  • Locked
  • Question
Hiding a HTML table in code
Replies
3
Views
240
jbenson001
jbenson001
Badgers
  • Locked
  • Question
Truncate a string which contains HTML
Replies
1
Views
125
jbenson001
jbenson001
primagic
  • Locked
  • Question
Ajax Control Toolkit - HTML Editor
Replies
1
Views
175
jbenson001
jbenson001
wbodger
  • Locked
  • Question
moving from FckEditor to AjaxControlToolKit HTMLEditor one big question
Replies
0
Views
86
wbodger
wbodger
Badgers
  • Locked
  • Question
regex - include html tags but exclude self closing tags
Replies
0
Views
128
Badgers
Badgers

Part and Inventory Search

Sponsor

Back
Top