<cfloop collection="#form#" item="var">
    <cfset form[var] = SomeFunctionToStripInvalidChars(form[var])>
</cfloop>

And the same for url & cookie

The regexp won't work, because it is JS syntax (I think) and NOT CF
syntax.

/ is a normal character in CF
\%3C will match "%3C" and not the ASCII character corresponding with the
hex code 3C
/I will match /I and not make the regexp case insensitive
.....

Pascal

> -----Original Message-----
> From: Ian Vaughan [mailto:[EMAIL PROTECTED]
> Sent: vrijdag 25 juni 2004 12:38
> To: CF-Talk
> Subject: RE: Coldfusion & Regex
>
> Pascal
>  
> How would I reference the scopes url, form etc.? A snippet
> would help me get my head around this.
>  
> So why wouldn't the code (regex) below work in ColdFusion?
>  
> <cfscript>
>  
> function isValid( strInput ){
>  
>             // NOTE: the hash character must be escaped
>             // to prevent the CF engine thinking it's the start
>             // of a variable name
>             var reRegEx = "/(\%27)|(\')|(\-\-)|(\%23)|(##)/ix";
>             var reRegEx = "/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/I";
>  
>             if( REFindNoCase( reRegEx, arguments.strInput ) GT 0 ){
>                         return false;
>             } else {
>                         return true;
>        }
> }
>  
> </cfscript>
>
> ________________________________
>
> From: Pascal Peters [mailto:[EMAIL PROTECTED]
> Sent: 25 June 2004 11:16
> To: CF-Talk
> Subject: RE: Coldfusion & Regex
>
>
> Use <cfqueryparam> to prevent sql injection.
>
> You can do what you described in the application.cfm on the scopes url,
> form, cookie. Loop over the scopes and check the vars. The regexps in CF
> are different though:
>
> http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/regexp.htm
>
> Pascal
>
> > -----Original Message-----
> > From: Ian Vaughan [mailto:[EMAIL PROTECTED]
> > Sent: vrijdag 25 juni 2004 10:58
> > To: CF-Talk
> > Subject: Coldfusion & Regex
> >
> > Can anybody on the list provide any examples of using
> > coldfusion with regex.
> >  
> > For example I have the following line of regex that checks
> > for the detection of SQL meta characters, which will help
> > prevent SQL Injection etc
> >  
> > /(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
> >  
> > I envisage this will be placed in the application.cfm of the
> > site, but how would you integrate it in with ColdFusion to
> > check for invalid input via cookies, form input, http entries etc.?
> >  
> > Any ideas would be most welcome
> >  
> > Thanks
> >  
> > Ian
> >
> >
> >
>
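
Added example (not part of the thread): the check from the messages above rewritten in CF regex syntax and applied to the url, form and cookie scopes from Application.cfm. The function names `hasSqlMetaChars` and `firstBadKey` and the 400 response are assumptions made for illustration.

```cfml
<!--- Application.cfm (added example; function names are hypothetical) --->
<cfscript>
// CF regex syntax: no /.../ delimiters and no trailing i/x flags.
// Left in, the slashes and "/ix" are literal text, so the first
// alternative would need "/%27" in the input and the last would need
// a hash followed by "/ix".
// Case-insensitivity comes from REFindNoCase itself.
// A doubled hash is the CF string escape for one literal hash.
function hasSqlMetaChars(strInput) {
    var reSqlMeta = "(%27)|(')|(--)|(%23)|(##)";
    return REFindNoCase(reSqlMeta, arguments.strInput) GT 0;
}

// Returns the first key in a scope whose value trips the check, or "".
function firstBadKey(scope) {
    var key = "";
    for (key in arguments.scope) {
        if (IsSimpleValue(arguments.scope[key]) AND hasSqlMetaChars(arguments.scope[key])) {
            return key;
        }
    }
    return "";
}
</cfscript>

<!--- Reject the request if any url, form or cookie value matches.
      This also rejects legitimate values such as O'Brien, so it is a
      coarse filter on top of <cfqueryparam>, not a replacement for it. --->
<cfif Len(firstBadKey(url)) OR Len(firstBadKey(form)) OR Len(firstBadKey(cookie))>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>
```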