
Morning,

I'm trying to create an ASP "classic" version of the following jQuery/JavaScript function to prevent malicious code being entered into the database.

As the user types the product name into an input field, it automatically changes the HTML value of the permlink P and a hidden input field. Once the user hits the submit button I would like it to validate on the server side before being entered into the database.

$(".item-name").keyup(function() {
    $("p.permlink").empty().html(convertToSlug($(this).val()) + ".html");
    $(".permlink-input").empty().val(convertToSlug($(this).val()) + ".html");
});

function convertToSlug(Text)
{
    return Text
        .toLowerCase()
        .replace(/[^\w ]+/g, '')
        .replace(/ +/g, '-')
        ;
}

The only way I know of is to use the ASP Replace function for every character on the keyboard.

strItem = Replace(strItem, "<", "")
strItem = Replace(strItem, ">", "")
strItem = Replace(strItem, "/", "")
strItem = Replace(strItem, "\", "")
' ... etc etc

Regards, Shane
    Why can't you use Classic ASP's Regex Replace and do the same as what you've done in the Javascript? [Another post explaining Classic ASP Regex](http://stackoverflow.com/questions/6675920/using-classic-asp-for-regular-expression?rq=1) – Jamie Barker Mar 25 '14 at 11:18
  • Hi Jamie, that's what I'm after but I don't know how to do it using regex. – Shane Mar 25 '14 at 12:10
  • @Shane That link provides all the information you need, including the `RegExResults()` function. You may want to modify it to a `Test` instead of an `Execute()`. – user692942 Mar 25 '14 at 13:47
  • If you do a search you should be able to find a function to sanitise a database input - there's one here: http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx. I suggest you also consider parameterised queries and - if your db supports them - stored procedures. You'll find plenty of questions about both on Stack Overflow – John Mar 25 '14 at 15:22
  • @John That isn't what he is asking for, and if it was I'd be suggesting Parametrised Queries rather than linking to a script which is just pointless as it will have more false positives than is useful. Sanitizing input to protect against SQL Injection and sanitizing input to remove HTML is different. That's why, like Jamie, I'd recommend a `RegEx` solution. – user692942 Mar 26 '14 at 07:20
  • Sorry all, what I'm after is: if a client adds a new item for sale on his website and the product name is "10ltrs of white paint", then the jQuery on "keyup" will copy that text from the input field into another hidden input field called permlink. The value would be "10ltrs_of_white_paint.html" to create a URL rewrite link or, as some websites call it, a permlink. Should the user bypass the jQuery I need a backup on the server side. Thanks for your help in advance. – Shane Mar 26 '14 at 08:14

1 Answer

Just found this on a blog; it works the same as the jQuery. It converts a string to a URL/SEO slug. Seems to work perfectly.

There is no name to the blog, just "blogger classicasp"; credit given where credit is due.

Function isURL(strURL)

    Dim Slug, re, re2

    ' Everything to lower case
    Slug = LCase(strURL)

    ' Replace - with a space (so existing hyphens are collapsed and restored below)
    Slug = Replace(Slug, "-", " ")

    ' Replace anything that is not a-z, 0-9 or whitespace with a space
    Set re = New RegExp
    re.Pattern = "[^a-z0-9\s-]"
    re.Global = True
    Slug = re.Replace(Slug, " ")

    ' Replace multiple white spaces with a single space
    Set re2 = New RegExp
    re2.Pattern = "\s+"
    re2.Global = True
    Slug = re2.Replace(Slug, " ")

    ' Drop leading and trailing spaces
    Slug = Trim(Slug)

    ' Replace white space with -
    Slug = Replace(Slug, " ", "-")

    isURL = Slug

End Function
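The answer gives the slug generator; what the asker also wants is the "backup on the server side" for when the hidden field arrives without the jQuery having run. The following is an added example by the editor, not code from the question, the answer or the quoted blog. It ports the VBScript `isURL()` algorithm step for step and wraps it in a server-side check that regenerates the slug from the product name and never trusts the submitted hidden field. It is written in ES3-style JavaScript so that it runs both in Node and under Classic ASP's JScript engine (`<%@ Language="JScript" %>`); the names `toSlug`, `validatePermlink`, `PERMLINK_PATTERN`, `MAX_SLUG_LENGTH`, the length limit and the sample inputs are the editor's assumptions, not anything from the page.

```javascript
// Added example (editor's own, not code from the question or answer).
// Server-side slug generation and validation for the submitted form.
// Assumed names: toSlug, validatePermlink, PERMLINK_PATTERN, MAX_SLUG_LENGTH.

// Step-for-step port of the VBScript isURL() algorithm from the answer:
// lower-case, turn existing hyphens into spaces, turn every other character
// outside [a-z0-9] or whitespace into a space, collapse whitespace runs,
// trim, then turn the remaining spaces into hyphens.
function toSlug(text) {
    var slug = String(text).toLowerCase();
    slug = slug.replace(/-/g, ' ');
    slug = slug.replace(/[^a-z0-9\s-]/g, ' ');
    slug = slug.replace(/\s+/g, ' ');
    slug = slug.replace(/^ | $/g, '');   // Trim(); String.prototype.trim does not exist in JScript
    return slug.replace(/ /g, '-');
}

// Assumed upper bound on slug length; the original page sets none.
var MAX_SLUG_LENGTH = 80;

// Strict whitelist for the stored permlink: dash-separated runs of [a-z0-9]
// followed by ".html". Nothing that could act as a path separator, query
// string, HTML tag or quote can match, so the value is safe to drop into a
// URL-rewrite rule or an <a href>.
var PERMLINK_PATTERN = /^[a-z0-9]+(-[a-z0-9]+)*\.html$/;

// Server-side validation of one submitted form. Returns what the server
// should store (permlink) or why it should reject the submission (reason).
function validatePermlink(productName, submittedPermlink) {
    var slug = toSlug(productName);
    if (slug === '') {
        return { ok: false, reason: 'product name has no usable characters', permlink: null, tampered: false };
    }
    if (slug.length > MAX_SLUG_LENGTH) {
        return { ok: false, reason: 'slug longer than ' + MAX_SLUG_LENGTH, permlink: null, tampered: false };
    }
    var permlink = slug + '.html';
    if (!PERMLINK_PATTERN.test(permlink)) {
        // Unreachable if toSlug() is correct; kept as defence in depth.
        return { ok: false, reason: 'generated slug failed whitelist', permlink: null, tampered: false };
    }
    // The hidden field is advisory only. A mismatch means JavaScript was
    // off, the client-side rules differ, or the request was tampered with;
    // in every case the server-generated value wins and is what gets stored.
    var tampered = submittedPermlink !== permlink;
    return { ok: true, reason: tampered ? 'hidden field ignored, regenerated on server' : 'match', permlink: permlink, tampered: tampered };
}

// Constructed sample submissions (not real data): [product name, hidden field].
var SAMPLES = [
    ['10ltrs of white paint', '10ltrs-of-white-paint.html'],
    ['Café au lait', 'cafe-au-lait.html'],             // accented letters are dropped, not transliterated
    ['<script>alert(1)</script>', '<script>alert(1)</script>.html'],
    ['../../etc/passwd', '../../etc/passwd'],
    ['!!! ???', 'x.html']
];

// Runs every sample through the server-side check and returns the results.
function runSamples() {
    var out = [];
    for (var i = 0; i < SAMPLES.length; i++) {
        out.push(validatePermlink(SAMPLES[i][0], SAMPLES[i][1]));
    }
    return out;
}

if (typeof console !== 'undefined') {   // Node; under ASP use Response.Write instead
    var results = runSamples();
    for (var j = 0; j < results.length; j++) {
        console.log(SAMPLES[j][0] + ' -> ' + (results[j].ok ? results[j].permlink : 'REJECT (' + results[j].reason + ')'));
    }
}
```

Two things worth noticing when wiring this in. First, the question's `convertToSlug` keeps underscores (`\w`) and strips hyphens, whereas the VBScript keeps hyphens and strips underscores, so the two will disagree on names like "white-paint"; that is why the server overwrites the hidden field with its own value instead of rejecting the request on a mismatch. Second, as the comments above point out, a clean slug says nothing about how it reaches the database: the INSERT should still use a parameterised query or stored procedure rather than string concatenation.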