Pascal


How would I reference the scopes url, form etc ? A snippet would help me
get me head around this.


So why wouldnt the code (regex) below work in coldfusion ??


cfscript>


function isValid( strInput ){


            // NOTE: the hash character must be escaped
            // to prevent the CF engine thinking it's the start
            // of a variable name
            var reRegEx = "/(\%27)|(\')|(\-\-)|(\%23)|(##)/ix";
            var reRegEx =
"/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\
%3E)|>)/I";


            if( REFindNoCase( reRegEx, arguments.strInput ) GT 0 ){
                        return false;
            } else {
                        return true;
       }
}


</cfscript>

________________________________

From: Pascal Peters [mailto:[EMAIL PROTECTED]
Sent: 25 June 2004 11:16
To: CF-Talk
Subject: RE: Coldfusion & Regex

Use <cfqueryparam> to prevent sql injection.

You can do what you described in the application.cfm on the scopes url,
form, cookie. Loop over the scopes and check the vars. The regexps in CF
are different though:

http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/regexp.htm

Pascal

> -----Original Message-----
> From: Ian Vaughan [mailto:[EMAIL PROTECTED]
> Sent: vrijdag 25 juni 2004 10:58
> To: CF-Talk
> Subject: Coldfusion & Regex
>
> Can anybody on the list provide any examples of using
> coldfusion with regex.
>  
> For example I have the following line of regex that checks
> for the detection of SQL meta characters, which will help
> prevent SQL Injection etc
>  
> /(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
>  
> I envisage this will be placed in the application .cfm of the
> site, but how would you integrate it in with coldfusion to
> check for invalid input via cookies, form input, http entries etc???
>  
> Any ideas would be most welcome
>  
> Thanks
>  
> Ian
>
>
>
________________________________
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]

Reply via email to